Date: Fri, 17 Nov 2023 15:14:29 -0700
Subject: Re: Could we get Vim 9 packaged to fix CVEs
To: cygwin AT cygwin DOT com
From: Brian Inglis via Cygwin
Reply-To: Brian DOT Inglis AT Shaw DOT ca
Organization: Inglis
List-Id: General Cygwin discussions and problem reports

On 2023-11-12 15:27, Brian Inglis via Cygwin wrote:
> On 2023-11-09 09:35, Jack S via Cygwin wrote:
>> Would it be possible to update the vim packages with Vim 9, please?
> Also now:
>     https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm

Expanding above:

CVE-2023-46246: Integer overflow in :history Ex-Command in Vim < 9.0.2068
https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm
fixed in Vim patch 9.0.2068
https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a

New:

[vim-security] several minor security issues in Vim v9.0.2106-v9.0.2112
https://seclists.org/oss-sec/2023/q4/218

CVE-2023-48231: Use-After-Free in win_close()
https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765
fixed in Vim patch 9.0.2106
https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a

CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol()
https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw
fixed in Vim patch 9.0.2107
https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce

CVE-2023-48233: overflow with count for :s command
https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj
fixed in Vim patch 9.0.2108
https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78

CVE-2023-48234: overflow in nv_z_get_count
https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq
fixed in Vim patch 9.0.2109
https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca

CVE-2023-48235: overflow in ex address parsing
https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g
fixed in Vim patch 9.0.2110
https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200

CVE-2023-48236: overflow in get_number
https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5
fixed in Vim patch 9.0.2111
https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968

CVE-2023-48237: overflow in shift_line
https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87
fixed in Vim patch 9.0.2112
https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                -- Antoine de Saint-Exupéry