Information on source package vim

Available versions

ReleaseVersion
jessie2:7.4.488-7+deb8u3
jessie (security)2:7.4.488-7+deb8u2
stretch2:8.0.0197-4+deb9u1
buster2:8.1.0320-1
sid2:8.1.0320-1

Open issues

BugjessiestretchbustersidDescription
CVE-2017-17087vulnerable (no DSA)vulnerable (no DSA)fixedfixedfileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...
CVE-2017-11109vulnerable (no DSA, postponed)fixedfixedfixedVim 8.0 allows attackers to cause a denial of service (invalid free) or ...

Open unimportant issues

BugjessiestretchbustersidDescription
CVE-2017-1000382vulnerablevulnerablevulnerablevulnerableVIM version 8.0.1187 (and other versions most likely) ignores umask ...
CVE-2008-4677vulnerablevulnerablevulnerablevulnerableautoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...

Resolved issues

BugDescription
CVE-2017-6350An integer overflow at an unserialize_uep memory allocation site would ...
CVE-2017-6349An integer overflow at a u_read_undo memory allocation site would occur ...
CVE-2017-5953vim before patch 8.0.0322 does not properly validate values for tree ...
CVE-2016-1248vim before patch 8.0.0056 does not properly validate values for the ...
CVE-2010-3914Untrusted search path vulnerability in VIM Development Group GVim ...
CVE-2009-0316Untrusted search path vulnerability in src/if_python.c in the Python ...
CVE-2008-6235The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted ...
CVE-2008-4101Vim 3.0 through 7.x before 7.2.010 does not properly escape ...
CVE-2008-3432Heap-based buffer overflow in the mch_expand_wildcards function in ...
CVE-2008-3294src/configure.in in Vim 5.0 through 7.1, when used for a build with ...
CVE-2008-3076The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted ...
CVE-2008-3075The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, ...
CVE-2008-3074The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, ...
CVE-2008-2712Vim 7.1.314, 6.4, and other versions allows user-assisted remote ...
CVE-2007-2953Format string vulnerability in the helptags_one function in ...
CVE-2007-2438The sandbox for vim allows dangerous functions such as (1) writefile, ...
CVE-2005-2368vim 6.3 before 6.3.082, with modelines enabled, allows external ...
CVE-2005-0069The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...
CVE-2004-1138VIM before 6.3 and gVim before 6.3 allow local users to execute ...
CVE-2002-1377vim 6.0 and 6.1, and possibly other versions, allows attackers to ...

Security announcements

DSA / DLADescription
DLA-1030-1vim - security update
DLA-850-1vim - security update
DSA-3786-1vim - security update
DLA-822-1vim - security update
DSA-3722-1vim - security update
DLA-718-1vim - security update
DSA-1733-1vim - multiple vulnerabilities
DSA-1364-2vim - several vulnerabilities
DSA-1364-1vim
DSA-1364-1vim

Search for package or bug name: Reporting problems