jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
cvrf2cusa/cvrf/2024/cvrf-openEuler-SA-2024-1982.xml
Jia Chao 7d8412e76d update 0822 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-08-22 10:38:56 +08:00

214 lines
19 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for vim is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2024-1982</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2024-08-16</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2024-08-16</InitialReleaseDate>
<CurrentReleaseDate>2024-08-16</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2024-08-16</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">vim security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for vim is now available for openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor &apos;Vi&apos;, with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.
Security Fix(es):
Vim is an open source command line text editor. Vim &lt; v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,
but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647(CVE-2024-41957)
Vim is an open source command line text editor. double-free in dialog_changed() in Vim &lt; v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.(CVE-2024-41965)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for vim is now available for openEuler-22.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">vim</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1982</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41957</URL>
<URL>https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-41965</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2024-41957</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2024-41965</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-22.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">openEuler-22.03-LTS-SP3</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">openEuler-20.03-LTS-SP4</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">openEuler-22.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-24.03-LTS" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">openEuler-24.03-LTS</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP4" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">openEuler-22.03-LTS-SP4</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="vim-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-9.0-24.oe2203sp3.src.rpm</FullProductName>
<FullProductName ProductID="vim-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-9.0-23.oe2003sp4.src.rpm</FullProductName>
<FullProductName ProductID="vim-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-9.0-24.oe2203sp1.src.rpm</FullProductName>
<FullProductName ProductID="vim-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-9.0.2092-8.oe2403.src.rpm</FullProductName>
<FullProductName ProductID="vim-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-9.0-24.oe2203sp4.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="vim-X11-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-X11-9.0-24.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-common-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-common-9.0-24.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-debuginfo-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-debuginfo-9.0-24.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-debugsource-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-debugsource-9.0-24.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-enhanced-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-enhanced-9.0-24.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-minimal-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-minimal-9.0-24.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-X11-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-X11-9.0-23.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-common-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-common-9.0-23.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-debuginfo-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-debuginfo-9.0-23.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-debugsource-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-debugsource-9.0-23.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-enhanced-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-enhanced-9.0-23.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-minimal-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-minimal-9.0-23.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-X11-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-X11-9.0-24.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-common-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-common-9.0-24.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-debuginfo-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-debuginfo-9.0-24.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-debugsource-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-debugsource-9.0-24.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-enhanced-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-enhanced-9.0-24.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-minimal-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-minimal-9.0-24.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-X11-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-X11-9.0.2092-8.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-common-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-common-9.0.2092-8.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-debuginfo-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-debuginfo-9.0.2092-8.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-debugsource-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-debugsource-9.0.2092-8.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-enhanced-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-enhanced-9.0.2092-8.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-minimal-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-minimal-9.0.2092-8.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-X11-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-X11-9.0-24.oe2203sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-common-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-common-9.0-24.oe2203sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-debuginfo-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-debuginfo-9.0-24.oe2203sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-debugsource-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-debugsource-9.0-24.oe2203sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-enhanced-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-enhanced-9.0-24.oe2203sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="vim-minimal-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-minimal-9.0-24.oe2203sp4.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="vim-X11-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-X11-9.0-24.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-common-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-common-9.0-24.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-debuginfo-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-debuginfo-9.0-24.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-debugsource-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-debugsource-9.0-24.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-enhanced-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-enhanced-9.0-24.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-minimal-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-minimal-9.0-24.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-X11-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-X11-9.0-23.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-common-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-common-9.0-23.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-debuginfo-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-debuginfo-9.0-23.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-debugsource-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-debugsource-9.0-23.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-enhanced-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-enhanced-9.0-23.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-minimal-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-minimal-9.0-23.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-X11-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-X11-9.0-24.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-common-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-common-9.0-24.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-debuginfo-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-debuginfo-9.0-24.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-debugsource-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-debugsource-9.0-24.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-enhanced-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-enhanced-9.0-24.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-minimal-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-minimal-9.0-24.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-X11-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-X11-9.0.2092-8.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-common-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-common-9.0.2092-8.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-debuginfo-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-debuginfo-9.0.2092-8.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-debugsource-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-debugsource-9.0.2092-8.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-enhanced-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-enhanced-9.0.2092-8.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-minimal-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-minimal-9.0.2092-8.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-X11-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-X11-9.0-24.oe2203sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-common-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-common-9.0-24.oe2203sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-debuginfo-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-debuginfo-9.0-24.oe2203sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-debugsource-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-debugsource-9.0-24.oe2203sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-enhanced-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-enhanced-9.0-24.oe2203sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="vim-minimal-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-minimal-9.0-24.oe2203sp4.x86_64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="vim-filesystem-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">vim-filesystem-9.0-24.oe2203sp3.noarch.rpm</FullProductName>
<FullProductName ProductID="vim-filesystem-9.0-23" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">vim-filesystem-9.0-23.oe2003sp4.noarch.rpm</FullProductName>
<FullProductName ProductID="vim-filesystem-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">vim-filesystem-9.0-24.oe2203sp1.noarch.rpm</FullProductName>
<FullProductName ProductID="vim-filesystem-9.0.2092-8" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">vim-filesystem-9.0.2092-8.oe2403.noarch.rpm</FullProductName>
<FullProductName ProductID="vim-filesystem-9.0-24" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP4">vim-filesystem-9.0-24.oe2203sp4.noarch.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim is an open source command line text editor. Vim &lt; v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags,but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647</Note>
</Notes>
<ReleaseDate>2024-08-16</ReleaseDate>
<CVE>CVE-2024-41957</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS-SP3</ProductID>
<ProductID>openEuler-20.03-LTS-SP4</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-24.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP4</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.3</BaseScore>
<Vector>AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>vim security update</Description>
<DATE>2024-08-16</DATE>
<URL>https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1982</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">Vim is an open source command line text editor. double-free in dialog_changed() in Vim &lt; v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.</Note>
</Notes>
<ReleaseDate>2024-08-16</ReleaseDate>
<CVE>CVE-2024-41965</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-22.03-LTS-SP3</ProductID>
<ProductID>openEuler-20.03-LTS-SP4</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-24.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP4</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>4.2</BaseScore>
<Vector>AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>vim security update</Description>
<DATE>2024-08-16</DATE>
<URL>https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1982</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink