version 9.0 and patches
16 views
Skip to first unread message
Michael....@wellsfargo.com
Dec 14, 2022, 3:12:26 AM12/14/22
to v...@vim.org
Hi
Is there a cumulative patch for version 9 that will encompass all the patches for all the following CVE’s?
CVE-2022-4293
CVE-2022-4292
CVE-2022-3491
CVE-2022-3520
CVE-2022-3591
Thanks in advance,
Michael Pearson
WFT CTO | Enterprise Application Services (EAS)
Software Enablement Services (SES) | Product Portfolio Management
Mobile (515) 339-8592 | MAC F2505-03A
To better manage and track requests related to the products aligned to the Applications Products Competency Center, please access the SES Product Portfolio Service Center page as a starting point for Product Owner engagement.
Christian Brabandt
Dec 14, 2022, 3:30:22 AM12/14/22
to v...@vim.org
On Di, 13 Dez 2022, Michael.Pearson2 via vim_use wrote:
> CVE-2022-4293
The fix is https://github.com/vim/vim/releases/tag/v9.0.0804
> CVE-2022-4292
The fix is https://github.com/vim/vim/releases/tag/v9.0.0882
> CVE-2022-3491
The fix is https://github.com/vim/vim/releases/tag/v9.0.0742
> CVE-2022-3520
The fix is https://github.com/vim/vim/releases/tag/v9.0.0765
> CVE-2022-3591
The fix is https://github.com/vim/vim/releases/tag/v9.0.0789
> Is there a cumulative patch for version 9 that will encompass all the
> patches for all the following CVE's?
best is always to go from the lastest patch in the master branch and
keep it updated regularly.
If you are using a Distribution with Security Support, it will probably
take care of those. But you should check with the maintainers separately
to be sure.
Best,
Christian
--
Gib einem Mann einen Fisch und du ernährst ihn für einen Tag.
Lehre einen Mann zu fischen und du ernährst ihn für sein Leben.
-- Konfuzius (551-479 v. Chr.)
Tony Mechelynck
Dec 14, 2022, 7:34:36 AM12/14/22
to vim...@googlegroups.com, v...@vim.org
On Wed, Dec 14, 2022 at 9:30 AM Christian Brabandt <cbl...@256bit.org> wrote:
> On Di, 13 Dez 2022, Michael.Pearson2 via vim_use wrote:
[...]
> On Di, 13 Dez 2022, Michael.Pearson2 via vim_use wrote:
> > Is there a cumulative patch for version 9 that will encompass all the
> > patches for all the following CVE's?
>
> No, we do not provide cumulative patches. If you are installing vim,
> best is always to go from the lastest patch in the master branch and
> keep it updated regularly.
>
> If you are using a Distribution with Security Support, it will probably
> take care of those. But you should check with the maintainers separately
> to be sure.
I agree with Christian, and in addition, if you can (or can learn to)
> > patches for all the following CVE's?
>
> No, we do not provide cumulative patches. If you are installing vim,
> best is always to go from the lastest patch in the master branch and
> keep it updated regularly.
>
> If you are using a Distribution with Security Support, it will probably
> take care of those. But you should check with the maintainers separately
> to be sure.
compile your own Vim (it is not outlandishly difficult, it just takes
a little getting used to), the latest source is available on both a
git repository on github, maintained directly by Bram (see
https://www.vim.org/git.php for info) and a Mercurial repository
maintained by Christian at https://hg.256bit.org/vim mirrorring Bram's
git repository (see https://www.vim.org/mercurial.php for details).
I used to have a pair of HowTo pages, about compiling Vim on Windows
and on Linux (and other Unix-like systems), but my ISP (Belgacom
Skynet aka Proximus) has removed all user sites not maintained by
their own engineers, and I wasn't ready to let other people decide how
my user site should look. I still have HTML backups of this user site
but, alas, they are not available on the Web anymore.
Best regards,
Tony.
Message has been deleted
Michael....@wellsfargo.com
Dec 14, 2022, 1:30:43 PM12/14/22
to vim...@googlegroups.com
Thanks Christian for the quick response. I appreciate it.
-----Original Message-----
From: vim...@googlegroups.com <vim...@googlegroups.com> On Behalf Of Christian Brabandt
Sent: Wednesday, December 14, 2022 2:30 AM
To: v...@vim.org
Subject: Re: version 9.0 and patches
On Di, 13 Dez 2022, Michael.Pearson2 via vim_use wrote:
> CVE-2022-4293
The fix is https://urldefense.com/v3/__https://github.com/vim/vim/releases/tag/v9.0.0804__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b-BgQ1mQ$
> CVE-2022-4292
The fix is https://urldefense.com/v3/__https://github.com/vim/vim/releases/tag/v9.0.0882__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b9Qj6x9L$
> CVE-2022-3491
The fix is https://urldefense.com/v3/__https://github.com/vim/vim/releases/tag/v9.0.0742__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b5956pnU$
> CVE-2022-3520
The fix is https://urldefense.com/v3/__https://github.com/vim/vim/releases/tag/v9.0.0765__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b7g0mryc$
> CVE-2022-3591
The fix is https://urldefense.com/v3/__https://github.com/vim/vim/releases/tag/v9.0.0789__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b0W1muXt$
> Is there a cumulative patch for version 9 that will encompass all the
> patches for all the following CVE's?
No, we do not provide cumulative patches. If you are installing vim, best is always to go from the lastest patch in the master branch and keep it updated regularly.
If you are using a Distribution with Security Support, it will probably take care of those. But you should check with the maintainers separately to be sure.
Best,
Christian
--
Gib einem Mann einen Fisch und du ernährst ihn für einen Tag.
Lehre einen Mann zu fischen und du ernährst ihn für sein Leben.
-- Konfuzius (551-479 v. Chr.)
--
--
You received this message from the "vim_use" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit https://urldefense.com/v3/__http://www.vim.org/maillist.php__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b2AcD4a_$
---
You received this message because you are subscribed to the Google Groups "vim_use" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vim_use+u...@googlegroups.com.
To view this discussion on the web visit https://urldefense.com/v3/__https://groups.google.com/d/msgid/vim_use/20221214083005.GD3184211*40256bit.org__;JQ!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b5D7Wf1Z$ .
-----Original Message-----
From: vim...@googlegroups.com <vim...@googlegroups.com> On Behalf Of Christian Brabandt
Sent: Wednesday, December 14, 2022 2:30 AM
To: v...@vim.org
Subject: Re: version 9.0 and patches
On Di, 13 Dez 2022, Michael.Pearson2 via vim_use wrote:
> CVE-2022-4293
> CVE-2022-4292
The fix is https://urldefense.com/v3/__https://github.com/vim/vim/releases/tag/v9.0.0882__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b9Qj6x9L$
> CVE-2022-3491
The fix is https://urldefense.com/v3/__https://github.com/vim/vim/releases/tag/v9.0.0742__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b5956pnU$
> CVE-2022-3520
The fix is https://urldefense.com/v3/__https://github.com/vim/vim/releases/tag/v9.0.0765__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b7g0mryc$
> CVE-2022-3591
The fix is https://urldefense.com/v3/__https://github.com/vim/vim/releases/tag/v9.0.0789__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b0W1muXt$
> Is there a cumulative patch for version 9 that will encompass all the
> patches for all the following CVE's?
No, we do not provide cumulative patches. If you are installing vim, best is always to go from the lastest patch in the master branch and keep it updated regularly.
If you are using a Distribution with Security Support, it will probably take care of those. But you should check with the maintainers separately to be sure.
Best,
Christian
--
Gib einem Mann einen Fisch und du ernährst ihn für einen Tag.
Lehre einen Mann zu fischen und du ernährst ihn für sein Leben.
-- Konfuzius (551-479 v. Chr.)
--
You received this message from the "vim_use" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit https://urldefense.com/v3/__http://www.vim.org/maillist.php__;!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b2AcD4a_$
---
You received this message because you are subscribed to the Google Groups "vim_use" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vim_use+u...@googlegroups.com.
To view this discussion on the web visit https://urldefense.com/v3/__https://groups.google.com/d/msgid/vim_use/20221214083005.GD3184211*40256bit.org__;JQ!!F9svGWnIaVPGSwU!vrh874nmeohti4UEIda_BF8Ao4x547JXxUo69xP-fQUnEQO7Ig9KSNn4A6sgfy8j_Xe3Q7J465f2ve7jXYv3b5D7Wf1Z$ .
Reply all
Reply to author
Forward
0 new messages