diff --git a/backport-CVE-2022-2124.patch b/backport-CVE-2022-2124.patch new file mode 100644 index 0000000000000000000000000000000000000000..981a61505f7ebb7413bc7d410f648344d5d225ba --- /dev/null +++ b/backport-CVE-2022-2124.patch @@ -0,0 +1,35 @@ +From e4463991b2c9243ae93462118b6d6f648852bb0c Mon Sep 17 00:00:00 2001 +From: lauk001 +Date: Tue, 21 Jun 2022 13:43:57 +0800 +Subject: [PATCH] CVE-2022-2124 + +Signed-off-by: lauk001 +--- + src/search.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/search.c b/src/search.c +index 75f0c59..87acb33 100644 +--- a/src/search.c ++++ b/src/search.c +@@ -4589,11 +4589,17 @@ current_quote( + + // Find out if we have a quote in the selection. + while (i <= col_end) ++ { ++ // check for going over the end of the line, which can happen if ++ // the line was changed after the Visual area was selected. ++ if (line[i] == NUL) ++ break; + if (line[i++] == quotechar) + { + selected_quote = TRUE; + break; + } ++ } + } + + if (!vis_empty && line[col_start] == quotechar) +-- +2.33.0 + diff --git a/vim.spec b/vim.spec index a06077e14391638047e6a84b97106aea019647e6..552e72746dc4daeefa7fc87037d72c3d3a50e5b3 100644 --- a/vim.spec +++ b/vim.spec @@ -11,7 +11,7 @@ Name: vim Epoch: 2 Version: 8.2 -Release: 35 +Release: 36 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text. License: Vim and MIT URL: http://www.vim.org @@ -110,6 +110,7 @@ Patch6076: backport-fix-test-failed.patch Patch6077: backport-CVE-2022-1897.patch Patch6078: backport-CVE-2022-1968.patch Patch6079: backport-CVE-2022-1771.patch +Patch6080: backport-CVE-2022-2124.patch Patch9000: bugfix-rm-modify-info-version.patch Patch9001: remove-failed-tests-due-to-patch.patch @@ -512,6 +513,12 @@ LC_ALL=en_US.UTF-8 make -j1 test %{_mandir}/man1/evim.* %changelog +* Thu Jun 23 2022 liukuo - 2:8.2-36 +- Type:CVE +- ID:CVE-2022-2124 +- SUG:NA +- DESC:fix CVE-2022-2124 + * Tue Jun 21 2022 dongyuzhen - 2:8.2-35 - Type:CVE - ID:CVE-2022-1771