vim-7.4.629-8.0.1.el7.AXS7

VIM (VIsual editor iMproved) is an updated and improved version of the vi
editor. Vi was the first real screen-based editor for UNIX, and is still very
popular. VIM improves on vi by adding new features: multiple windows,
multi-level undo, block highlighting and more.

Security Fix(es):

* CVE-2023-0054: check the return value of vim_regsub()
* CVE-2023-0049: avoid going over the NUL at the end
* CVE-2023-0288: prevent the cursor from moving to line zero
* CVE-2023-0433: check for not going over the end of the line
* CVE-2023-2610: limit the text length to MAXCOL
* CVE-2023-4750: check buffer is valid before accessing it
* CVE-2023-4733: verify oldwin pointer after reset_VIsual()
* CVE-2023-4751: stop Visual mode when using :ball
* CVE-2023-5344: add NULL at end of buffer
* CVE-2024-22667: pass size of errbuf down the call stack, use snprintf()

CVE(s):
CVE-2023-0049
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
CVE-2023-0054
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
CVE-2023-0288
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
CVE-2023-0433
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
CVE-2023-2610
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
CVE-2023-4733
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
CVE-2023-4750
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
CVE-2023-4751
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
CVE-2023-5344
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
CVE-2024-22667
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.