ELA-1002-1 vim security update

multiple vulnerabilities

2023-11-18
Packagevim
Version2:7.4.488-7+deb8u11 (jessie), 2:8.0.0197-4+deb9u11 (stretch)
Related CVEs CVE-2023-4752 CVE-2023-4781 CVE-2023-5344


Multiple vulnerabilities have been fixed in the editor vim.

CVE-2023-4752 Heap use after free in ins_compl_get_exp()

CVE-2023-4781 Heap buffer-overflow in vim_regsub_both()

CVE-2023-5344 Heap buffer-overflow in trunc_string()



For Debian 8 jessie, these problems have been fixed in version 2:7.4.488-7+deb8u11.

For Debian 9 stretch, these problems have been fixed in version 2:8.0.0197-4+deb9u11.

We recommend that you upgrade your vim packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.