Information on source package vim

Available versions

ReleaseVersion
stretch2:8.0.0197-4+deb9u3
buster2:8.1.0875-5
bullseye2:8.2.2434-3
bookworm2:8.2.2434-3
sid2:8.2.2434-3

Open issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2021-3796vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerablevim is vulnerable to Use After Free ...
CVE-2021-3778vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerablevim is vulnerable to Heap-based Buffer Overflow ...
CVE-2021-3770vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerablevim is vulnerable to Heap-based Buffer Overflow ...
CVE-2019-20807vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedIn Vim before 8.1.0881, users can circumvent the rvim restricted mode ...
CVE-2019-20079fixedvulnerable (no DSA)fixedfixedfixedThe autocmd feature in window.c in Vim before 8.1.2136 accesses freed ...
CVE-2017-17087vulnerable (no DSA)fixedfixedfixedfixedfileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp f ...

Open unimportant issues

BugstretchbusterbullseyebookwormsidDescription
CVE-2017-1000382vulnerablevulnerablevulnerablevulnerablevulnerableVIM version 8.0.1187 (and other versions most likely) ignores umask wh ...
CVE-2008-4677vulnerablevulnerablevulnerablevulnerablevulnerableautoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...

Resolved issues

BugDescription
CVE-2019-12735getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote ...
CVE-2018-20786libvterm through 0+bzr726, as used in Vim and other products, mishandl ...
CVE-2017-11109Vim 8.0 allows attackers to cause a denial of service (invalid free) o ...
CVE-2017-6350An integer overflow at an unserialize_uep memory allocation site would ...
CVE-2017-6349An integer overflow at a u_read_undo memory allocation site would occu ...
CVE-2017-5953vim before patch 8.0.0322 does not properly validate values for tree l ...
CVE-2016-1248vim before patch 8.0.0056 does not properly validate values for the 'f ...
CVE-2010-3914Untrusted search path vulnerability in VIM Development Group GVim befo ...
CVE-2009-0316Untrusted search path vulnerability in src/if_python.c in the Python i ...
CVE-2008-6235The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted a ...
CVE-2008-4101Vim 3.0 through 7.x before 7.2.010 does not properly escape characters ...
CVE-2008-3432Heap-based buffer overflow in the mch_expand_wildcards function in os_ ...
CVE-2008-3294src/configure.in in Vim 5.0 through 7.1, when used for a build with Py ...
CVE-2008-3076The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted ...
CVE-2008-3075The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, al ...
CVE-2008-3074The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, al ...
CVE-2008-2712Vim 7.1.314, 6.4, and other versions allows user-assisted remote attac ...
CVE-2007-2953Format string vulnerability in the helptags_one function in src/ex_cmd ...
CVE-2007-2438The sandbox for vim allows dangerous functions such as (1) writefile, ...
CVE-2005-2368vim 6.3 before 6.3.082, with modelines enabled, allows external user-a ...
CVE-2005-0069The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local user ...
CVE-2004-1138VIM before 6.3 and gVim before 6.3 allow local users to execute arbitr ...
CVE-2002-1377vim 6.0 and 6.1, and possibly other versions, allows attackers to exec ...

Security announcements

DSA / DLADescription
DLA-1871-1vim - security update
DSA-4467-2vim - regression update
DSA-4467-1vim - security update
DLA-1030-1vim - security update
DLA-850-1vim - security update
DSA-3786-1vim - security update
DLA-822-1vim - security update
DSA-3722-1vim - security update
DLA-718-1vim - security update
DSA-1733-1vim - multiple vulnerabilities
DSA-1364-2vim - several vulnerabilities
DSA-1364-1vim
Search for package or bug name: Reporting problems