diff --git a/backport-CVE-2022-2124.patch b/backport-CVE-2022-2124.patch new file mode 100644 index 0000000000000000000000000000000000000000..981a61505f7ebb7413bc7d410f648344d5d225ba --- /dev/null +++ b/backport-CVE-2022-2124.patch @@ -0,0 +1,35 @@ +From e4463991b2c9243ae93462118b6d6f648852bb0c Mon Sep 17 00:00:00 2001 +From: lauk001 +Date: Tue, 21 Jun 2022 13:43:57 +0800 +Subject: [PATCH] CVE-2022-2124 + +Signed-off-by: lauk001 +--- + src/search.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/search.c b/src/search.c +index 75f0c59..87acb33 100644 +--- a/src/search.c ++++ b/src/search.c +@@ -4589,11 +4589,17 @@ current_quote( + + // Find out if we have a quote in the selection. + while (i <= col_end) ++ { ++ // check for going over the end of the line, which can happen if ++ // the line was changed after the Visual area was selected. ++ if (line[i] == NUL) ++ break; + if (line[i++] == quotechar) + { + selected_quote = TRUE; + break; + } ++ } + } + + if (!vis_empty && line[col_start] == quotechar) +-- +2.33.0 + diff --git a/vim.spec b/vim.spec index 7a90f094cf2786f80b1e7acc64588ac11ac4ab57..55242f0a7d432dfac9b8c36ffb486c24ffc3bac2 100644 --- a/vim.spec +++ b/vim.spec @@ -12,7 +12,7 @@ Name: vim Epoch: 2 Version: 8.2 -Release: 38 +Release: 39 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim and MIT URL: http://www.vim.org @@ -109,6 +109,7 @@ Patch6072: backport-CVE-2022-1619.patch Patch6073: backport-CVE-2022-1733.patch Patch6074: backport-CVE-2022-1735.patch Patch6075: backport-CVE-2022-1771.patch +Patch6076: backport-CVE-2022-2124.patch Patch9000: bugfix-rm-modify-info-version.patch @@ -497,6 +498,12 @@ popd %{_mandir}/man1/evim.* %changelog +* Thu Jun 23 2022 liukuo - 2:8.2-39 +- Type:CVE +- ID:CVE-2022-2124 +- SUG:NA +- DESC:fix CVE-2022-2124 + * Tue Jun 21 2022 dongyuzhen - 2:8.2-38 - Type:CVE - ID:CVE-2022-1771