From 3cfcf613ae33a44294e44d41c884e379ff921947 Mon Sep 17 00:00:00 2001
From: yinyongkang
Date: Tue, 3 Sep 2024 09:27:55 +0800
Subject: [PATCH] fix CVE-2024-45306
---
 backport-CVE-2024-45306.patch | 39 +++++++++++++++++++++++++++++++++++
 vim.spec | 9 +++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-45306.patch
diff --git a/backport-CVE-2024-45306.patch b/backport-CVE-2024-45306.patch
new file mode 100644
index 0000000..3991525
--- /dev/null
+++ b/backport-CVE-2024-45306.patch
@@ -0,0 +1,39 @@
+From 396fd1ec2956307755392a1c61f55d5c1847f308 Mon Sep 17 00:00:00 2001
+From: Christian Brabandt
+Date: Sat, 31 Aug 2024 17:58:16 +0200
+Subject: [PATCH] patch 9.1.0707: [security]: invalid cursor position may cause
+ a crash
+
+Problem: [security]: invalid cursor position may cause a crash
+ (after v9.1.0038)
+Solution: Set cursor to the last character in a line, if it would
+ otherwise point to beyond the line; no tests added, as it
+ is unclear how to reproduce this.
+
+Github Advisory:
+https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh
+
+Co-authored-by: zeertzjq
+Signed-off-by: zeertzjq
+Signed-off-by: Christian Brabandt
+---
+ src/charset.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/charset.c b/src/charset.c
+index bda3f91..ab4f1e4 100644
+--- a/src/charset.c
++++ b/src/charset.c
+@@ -1621,6 +1621,9 @@ getvcol(
+ }
+ clear_chartabsize_arg(&cts);
+
++ if (*ptr == NUL && pos->col < MAXCOL && pos->col > ptr - line)
++ pos->col = ptr - line;
++
+ if (start != NULL)
+ *start = vcol + head;
+ if (end != NULL)
+--
+2.43.0
+
diff --git a/vim.spec b/vim.spec
index 4e57f33..8a81aae 100644
--- a/vim.spec
+++ b/vim.spec
@@ -14,7 +14,7 @@
 Name: vim
 Epoch: 2
 Version: %{baseversion}.%{patchlevel}
-Release: 11
+Release: 12
 Summary: Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License: Vim and MIT
 URL: http://www.vim.org
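Review bot: The clamp added in the getvcol() hunk for src/charset.c writes to `pos->col`, so a routine that in the visible lines only reports `*start` and `*end` now also changes the caller's position, and nothing in the new lines says so. A short comment above the `if` would make the side effect explicit, for example `// pos->col is beyond the NUL (invalid position): clamp it to the end of the line`. With `*ptr == NUL`, the stored value `ptr - line` is the offset of the terminator rather than of "the last character" as the commit message puts it, so the comment should state which of the two is intended. The upstream message says no test was added because the crash could not be reproduced, so this backport ships without regression coverage. getvcol()'s body starts and ends outside the hunk, so how `ptr` is advanced relative to `pos->col` cannot be checked from here.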
@@ -50,6 +50,7 @@ Patch6015: backport-patch-9.1.0554-bw-leaves-jumplist-and-tagstack-data-.pa
 Patch6016: backport-CVE-2024-41957.patch
 Patch6017: backport-CVE-2024-43374.patch
 Patch6018: backport-CVE-2024-43802.patch
+Patch6019: backport-CVE-2024-45306.patch
 Patch9000: bugfix-rm-modify-info-version.patch
@@ -457,6 +458,12 @@ LC_ALL=en_US.UTF-8 make -j1 test || echo "Warning: Please check tests."
 %{_mandir}/man1/evim.*
 %changelog
+* Tue Sep 03 2024 yinyongkang - 2:9.0.2092-12
+- Type:CVE
+- ID:CVE-2024-45306
+- SUG:NA
+- DESC:fix CVE-2024-45306
+
 * Thu Aug 29 2024 wangjiang - 2:9.0.2092-11
 - Type:CVE
 - ID:CVE-2024-43802
-- Gitee