Fedora 29: vim Security Update

    Date12 Jun 2019
    CategoryFedora
    326
    Posted ByLinuxSecurity Advisories
    1717503 - Security issue: patch 8.1.1365: source command doesn't check for the sandbox
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-dcd49378b8
    2019-06-13 01:37:52.283252
    --------------------------------------------------------------------------------
    
    Name        : vim
    Product     : Fedora 29
    Version     : 8.1.1471
    Release     : 1.fc29
    URL         : http://www.vim.org/
    Summary     : The VIM editor
    Description :
    VIM (VIsual editor iMproved) is an updated and improved version of the
    vi editor.  Vi was the first real screen-based editor for UNIX, and is
    still very popular.  VIM improves on vi by adding new features:
    multiple windows, multi-level undo, block highlighting and more.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    1717503 - Security issue: patch 8.1.1365: source command doesn't check for the
    sandbox
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Thu Jun  6 2019 Zdenek Dohnal  - 2:8.1.1471-1
    - patchlevel 1471
    * Tue May 28 2019 Zdenek Dohnal  - 2:8.1.1413-1
    - patchlevel 1413
    * Mon May 20 2019 Zdenek Dohnal  - 2:8.1.1359-2
    - stop updating f28
    * Mon May 20 2019 Zdenek Dohnal  - 2:8.1.1359-1
    - patchlevel 1359
    * Mon May 20 2019 Zdenek Dohnal  - 2:8.1.1137-2
    - remove upstream patch
    * Mon Apr  8 2019 Zdenek Dohnal  - 2:8.1.1137-1
    - patchlevel 1137
    * Mon Apr  8 2019 Zdenek Dohnal  - 2:8.1.1099-2
    - 1697104 - new spec file template contains deprecated tags
    * Tue Apr  2 2019 Zdenek Dohnal  - 2:8.1.1099-1
    - patchlevel 1099
    * Tue Mar 26 2019 Zdenek Dohnal  - 2:8.1.1048-2
    - add bundled libvterm
    * Mon Mar 25 2019 Zdenek Dohnal  - 2:8.1.1048-1
    - patchlevel 1048
    * Fri Mar  8 2019 Zdenek Dohnal  - 2:8.1.998-1
    - patchlevel 998
    * Fri Mar  8 2019 Zdenek Dohnal  - 2:8.1.994-2
    - F30 is already active in bodhi
    * Mon Mar  4 2019 Zdenek Dohnal  - 2:8.1.994-1
    - patchlevel 994
    * Wed Feb 20 2019 Zdenek Dohnal  - 2:8.1.956-1
    - patchlevel 956
    * Wed Feb 20 2019 Zdenek Dohnal  - 2:8.1.918-2
    - we have Fedora 30 branch now, enable updates for it in vim-update.sh
    * Thu Feb 14 2019 Zdenek Dohnal  - 2:8.1.918-1
    - patchlevel 918
    * Thu Feb 14 2019 Zdenek Dohnal  - 2:8.1.897-2
    - we do not need exact include path for python3 now
    * Tue Feb 12 2019 Zdenek Dohnal  - 2:8.1.897-1
    - patchlevel 897
    * Fri Feb  8 2019 Zdenek Dohnal  - 2:8.1.880-1
    - patchlevel 880
    * Mon Feb  4 2019 Zdenek Dohnal  - 2:8.1.873-1
    - patchlevel 873
    * Mon Feb  4 2019 Zdenek Dohnal  - 2:8.1.847-4
    - remove downstream fix for new ruby, upstream solved it different way
    * Sun Feb  3 2019 Fedora Release Engineering  - 2:8.1.847-3
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
    * Thu Jan 31 2019 Karsten Hopp  - 2:8.1.847-2
    - remove ancient Changelog.rpm
    * Wed Jan 30 2019 Zdenek Dohnal  - 2:8.1.847-2
    - fix patch for new ruby-2.6
    * Wed Jan 30 2019 Zdenek Dohnal  - 2:8.1.847-1
    - patchlevel 847
    * Tue Jan 29 2019 Zdenek Dohnal  - 2:8.1.837-2
    - FTBFS with new ruby-2.6
    * Mon Jan 28 2019 Zdenek Dohnal  - 2:8.1.837-1
    - patchlevel 837
    * Fri Jan 25 2019 Zdenek Dohnal  - 2:8.1.818-1
    - patchlevel 818
    * Tue Jan 22 2019 Zdenek Dohnal  - 2:8.1.789-1
    - patchlevel 789
    * Fri Jan 11 2019 Zdenek Dohnal  - 2:8.1.714-1
    - patchlevel 714
    * Tue Jan  8 2019 Zdenek Dohnal  - 2:8.1.702-1
    - patchlevel 702
    * Mon Dec 10 2018 Zdenek Dohnal  - 2:8.1.575-1
    - patchlevel 575
    * Wed Dec  5 2018 Zdenek Dohnal  - 2:8.1.549-2
    - do not strip binaries before build system strips it
    * Tue Nov 27 2018 Zdenek Dohnal  - 2:8.1.549-1
    - patchlevel 549
    * Tue Nov 27 2018 Zdenek Dohnal  - 2:8.1.527-2
    - update vim-update.sh - F27 EOL
    * Fri Nov 16 2018 Zdenek Dohnal  - 2:8.1.527-1
    - patchlevel 527
    * Thu Nov  8 2018 Zdenek Dohnal  - 2:8.1.513-2
    - #1646183 - do not forget the epoch
    * Thu Nov  8 2018 Zdenek Dohnal  - 2:8.1.513-1
    - patchlevel 513
    * Thu Nov  8 2018 Zdenek Dohnal  - 2:8.1.511-2
    - fix #1646183 properly - we need to conflict with vim-enhanced, not vim-common
    * Mon Nov  5 2018 Zdenek Dohnal  - 2:8.1.511-1
    - patchlevel 511
    * Mon Nov  5 2018 Zdenek Dohnal  - 2:8.1.497-2
    - 1646183 - Man file conflict for vim-minimal and vim-enhanced
    * Fri Oct 26 2018 Zdenek Dohnal  - 2:8.1.497-1
    - patchlevel 497
    * Fri Oct 19 2018 Zdenek Dohnal  - 2:8.1.483-1
    - patchlevel 483
    * Fri Oct 19 2018 Zdenek Dohnal  - 2:8.1.451-2
    - 1640972 - vimrc/virc should reflect correct augroup
    * Fri Oct  5 2018 Zdenek Dohnal  - 2:8.1.451-1
    - patchlevel 451
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1717942 - vim/neovim: arbitrary code execution vulnerability
            https://bugzilla.redhat.com/show_bug.cgi?id=1717942
      [ 2 ] Bug #1718308 - CVE-2019-12735 vim/neovim: arbitrary command execution in getchar.c
            https://bugzilla.redhat.com/show_bug.cgi?id=1718308
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-dcd49378b8' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com page/section?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    20
    radio
    [{"id":"73","title":"News","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"74","title":"Advisories ","votes":"5","type":"x","order":"2","pct":83.33,"resources":[]},{"id":"75","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"76","title":"Latest Features ","votes":"1","type":"x","order":"4","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.