Hi,
We have built successfully the fixed version of VIM.
Also there are some more recent vulnerabilities on VIM and we would like to release commutative fixed version.
We will publish the package as soon as we get approval.
------------------------------
SANKET RATHI
------------------------------
Original Message:
Sent: Fri October 22, 2021 10:54 AM
From: SANKET RATHI
Subject: VIM CVE-2021-3875 - Security Advisory - Update to 8.2.3489 needed
Thank you Tobias for reporting this.
We will look into it and provide the fixed vim.
------------------------------
SANKET RATHI
Original Message:
Sent: Thu October 21, 2021 02:37 AM
From: Tobias Schröer
Subject: VIM CVE-2021-3875 - Security Advisory - Update to 8.2.3489 needed
Hi AIX OpenSource-Team,
please update vim, because of the security issue CVE-2021-3875.
PoC is already public.
AIX Toolbox Version: 8.1.2424
AFFECTED VERSIONS
- Affected versions: vim < 8.2.3489
RECOMMENDATIONS
Upgrade vim to version 8.2.3489
https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f
https://bugzilla.redhat.com/show_bug.cgi?id=2014661
https://access.redhat.com/security/cve/CVE-2021-3875
https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/
------------------------------
Tobias Schröer
------------------------------