Ubuntu
vim package

Ensure supported codenames are accurate

  1. Lunar (23.04)
  2. Bug #1996087
Bug #1996087 reported by Simon Quigley
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
vim (Ubuntu)
Fix Committed
Undecided
Simon Quigley
Focal
Fix Released
Undecided
Simon Quigley
Jammy
Fix Released
Undecided
Simon Quigley
Kinetic
Won't Fix
Undecided
Unassigned
Lunar
Fix Committed
Undecided
Simon Quigley

Bug Description

In several stable releases of Ubuntu, Vim has information regarding releases that are outdated. It would be optimal for Vim to grab this data from distro-info-data (or similar), but unfortunately that is not the case. Therefore, the list needs to be updated.

There is a minimal regression potential here; Vim simply reads a statically-set Perl array to determine if the release in the changelog and sources.list is supported or not. Any regression would present itself in external tooling that detects text highlighting, which is not a case I think we support in Ubuntu.

A simple way to test this update is to download a package from the Lunar archive, and open the changelog with Vim. Instead of the changelog release (e.g. "lunar") showing as red, it should show as blue. I would also suggest editing sources.list, to ensure e.g. Eoan shows as EOL.

See original description

CVE References

Simon Quigley (tsimonq2)
Changed in vim (Ubuntu Lunar):
status: New → Confirmed
status: Confirmed → Fix Committed
Changed in vim (Ubuntu Kinetic):
status: New → Confirmed
Changed in vim (Ubuntu Jammy):
status: New → Confirmed
Changed in vim (Ubuntu Focal):
status: New → Confirmed
assignee: nobody → Simon Quigley (tsimonq2)
Changed in vim (Ubuntu Jammy):
assignee: nobody → Simon Quigley (tsimonq2)
Changed in vim (Ubuntu Kinetic):
assignee: nobody → Simon Quigley (tsimonq2)
Changed in vim (Ubuntu Lunar):
assignee: nobody → Simon Quigley (tsimonq2)
Simon Quigley (tsimonq2)
description: updated
Revision history for this message
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Simon, or anyone else affected,

Accepted vim into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in vim (Ubuntu Jammy):
status: Confirmed → Fix Committed
tags: added: verification-needed verification-needed-jammy
Changed in vim (Ubuntu Kinetic):
status: Confirmed → Fix Committed
tags: added: verification-needed-kinetic
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Simon, or anyone else affected,

Accepted vim into kinetic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-kinetic to verification-done-kinetic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-kinetic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Hello Simon, or anyone else affected,

Accepted vim into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in vim (Ubuntu Focal):
status: Confirmed → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (vim/2:8.2.3995-1ubuntu2.2)

All autopkgtests for the newly accepted vim (2:8.2.3995-1ubuntu2.2) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

systemd/249.11-0ubuntu3.6 (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#vim

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (vim/2:9.0.0242-1ubuntu1.1)

All autopkgtests for the newly accepted vim (2:9.0.0242-1ubuntu1.1) for kinetic have finished running.
The following regressions have been reported in tests triggered by the package:

vim-youcompleteme/0+20220402+git3ededae+ds-4 (armhf, arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/kinetic/update_excuses.html#vim

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vim - 2:8.2.3995-1ubuntu2.3

---------------
vim (2:8.2.3995-1ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: illegal memory access with bracketed paste in Ex mode
    - debian/patches/CVE-2022-0392.patch: reverse space for the trailing NUL
    - CVE-2022-0392
  * SECURITY UPDATE: retab may cause illegal memory access
    - debian/patches/CVE-2022-0417.patch: limit the value of tabstop
    - CVE-2022-0417

 -- Mark Esler <email address hidden> Wed, 11 Jan 2023 17:53:12 -0600

Changed in vim (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vim - 2:8.1.2269-1ubuntu5.11

---------------
vim (2:8.1.2269-1ubuntu5.11) focal-security; urgency=medium

  * SECURITY UPDATE: illegal memory access with bracketed paste in Ex mode
    - debian/patches/CVE-2022-0392.patch: reverse space for the trailing NUL
    - CVE-2022-0392
  * SECURITY UPDATE: retab may cause illegal memory access
    - debian/patches/CVE-2022-0417.patch: limit the value of tabstop
    - CVE-2022-0417

 -- Mark Esler <email address hidden> Wed, 11 Jan 2023 17:54:11 -0600

Changed in vim (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Ubuntu 22.10 (Kinetic Kudu) has reached end of life, so this bug will not be fixed for that specific release.

Changed in vim (Ubuntu Kinetic):
status: Fix Committed → Won't Fix
Simon Quigley (tsimonq2)
Changed in vim (Ubuntu Kinetic):
assignee: Simon Quigley (tsimonq2) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.