The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. Upstream patch: https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 https://github.com/vim/vim/compare/v8.1.2135...v8.1.2136
Created vim tracking bugs for this issue: Affects: fedora-all [bug 1789500]
Upstream issue: https://github.com/vim/vim/issues/5041
The following commit introduces the vulnerability: https://github.com/vim/vim/commit/a27e1dcddc9e3914ab34b164f71c51b72903b00b This commit was first introduced in upstream version v8.1.2121.
Statement: The versions of vim as shipped in Red Hat Enterprise Linux 5, 6, 7, and 8 are not affected by this flaw because the vulnerability was introduced in a newer version of the component.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-20079