-
vim (2:8.2.2434-1ubuntu1.3) hirsute-security; urgency=medium
  * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of
    service when using CTRL+w+f with an empty filename
    - debian/patches/CVE-2021-3973-1.patch: Ensure filename is checked for
      zero length in src/findfile.c, src/normal.c and
      src/testdir/test_visual.vim
    - debian/patches/CVE-2021-3973-2.patch: Fix for failing test in
      src/findfile.c
    - CVE-2021-3973
  * SECURITY UPDATE: Use-after-free issue in regular expression engine when
    using a mark, could lead to a denial of service or code execution.
    - debian/patches/CVE-2021-3974.patch: Ensure check for free is made when
      processing mark in src/regexp_nfa.c, src/testdir/test_regexp_latin.vim
    - CVE-2021-3974
  * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of
    service or possible code execution when C-indenting
    - debian/patches/CVE-2021-3984.patch: Fix memory access issue by correctly
      dereferencing cursor position in src/cindent.c and
      src/testdir/test_cindent.vim
    - CVE-2021-3984
  * SECURITY UPDATE: Heap-based buffer overflow could lead to a denial of
    service when help functions are provided with long command strings
    - debian/patches/CVE-2021-4019.patch: Fix handling of strcpy to use safer
      vim_snprintf in src/help.c and src/testdir/test_help.vim
    - CVE-2021-4019
  * SECURITY UPDATE: Use-after-free issue in open command can lead to a denial
    of service or possible code execution
    - debian/patches/CVE-2021-4069.patch: Fix issue making a copy of the
      current line and its address in src/ex_docmd.c and
      src/testdir/test_ex_mode.vim
    - CVE-2021-4069
 -- Ray Veldkamp <email address hidden> Wed, 05 Jan 2022 21:00:18 +1100
-
vim (2:8.2.2434-1ubuntu1.2) hirsute-security; urgency=medium
  * SECURITY UPDATE: Fix heap-based buffer overflow when buffer name is very
    long
    - debian/patches/CVE-2021-3872.patch: Make sure not to go over the end of
      the buffer in src/drawscreen.c, src/testdir/test_statusline.vim.
    - CVE-2021-3872
  * SECURITY UPDATE: Fix heap-based buffer overflow when scrolling without a
    valid screen
    - debian/patches/CVE-2021-3903.patch: Do not set VALID_BOTLINE in w_valid
      in src/move.c, src/testdir/test_normal.vim.
    - CVE-2021-3903
  * SECURITY UPDATE: Fix heap-based buffer overflow when reading character
    past end of line
    - debian/patches/CVE-2021-3927.patch: Correct the cursor column in
      src/ex_docmd.c, src/testdir/test_put.vim.
    - CVE-2021-3927
  * SECURITY UPDATE: Fix stack-based buffer overflow when reading
    uninitialized memory when giving spell suggestions
    - debian/patches/CVE-2021-3928.patch: Check that preword is not empty in
      src/spellsuggest.c, src/testdir/test_spell.vim.
    - CVE-2021-3928
  * Fix flaky vim terminal mode test
 -- Spyros Seimenis <email address hidden> Mon, 08 Nov 2021 15:19:29 +0100
-
vim (2:8.2.2434-1ubuntu1.1) hirsute-security; urgency=medium
  * SECURITY UPDATE: Fix heap-based buffer overflow when using :retab with
    large value
    - debian/patches/CVE-2021-3770-1.patch: Check vartabstop contains positive
      number in src/indent.c.
    - debian/patches/CVE-2021-3770-2.patch: Fix memory leak for :retab with
      invalid argument
    - CVE-2021-3770
  * SECURITY UPDATE: Fix heap-based buffer overflow when reading beyond end of
    line with invalid utf-8 character
    - debian/patches/CVE-2021-3778.patch: Validate encoding of character before
      advancing line in regexp_nfa.c.
    - CVE-2021-3778
  * SECURITY UPDATE: Fix use after free when replacing
    - debian/patches/CVE-2021-3796.patch: Get the line pointer after calling
      ins_copychar() in src/normal.c.
    - CVE-2021-3796
 -- Spyros Seimenis <email address hidden> Mon, 20 Sep 2021 14:49:18 +0300
-
vim (2:8.2.2434-1ubuntu1) hirsute; urgency=low
  * Merge from Debian unstable. Remaining changes:
    - debian/runtime/vimrc:
      + "syntax on" is a sane default for non-tiny vim.
    - debian/rules:
      + Disable tests on riscv64
    - debian/patches/debian/ubuntu-grub-syntax.patch:
      + Add Ubuntu-specific "quiet" keyword.
    - debian/patches/debian/update-upstart-syntax.patch:
      + Add setuid and setgid to syntax file.
    - debian/patches/ubuntu-mouse-off.patch:
      + Mouse mode is actively harmful in some chroots.
    - debian/patches/patches/increase_timeout.diff:
      + Increase timeout for the Test_pattern_compile_speed patch.
  * Dropped changes, deprecated:
    - patches/riscv64-test-timeout.patch
      + Increase Test_mode_message_at_leaving_insert_with_esc_mapped timeout
        for riscv64.
      + It was changed to WaitForAssert(), our patch patches another function:
        Test_mode_message_at_leaving_insert_by_ctrl_c()
  * Dropped changes, included upstream:
    - debian/patches/ubuntu-series-support.patch:
      + Add hirsute, move eoan to unsupported
 -- Lukas Märdian <email address hidden> Mon, 15 Feb 2021 13:29:39 +0100
-
vim (2:8.2.1913-1ubuntu3) hirsute; urgency=medium
  * No-change rebuild to build with python3.9 as default.
 -- Matthias Klose <email address hidden> Thu, 19 Nov 2020 18:39:38 +0100
-
vim (2:8.2.1913-1ubuntu2) hirsute; urgency=medium
  * Increase timeout for the Test_pattern_compile_speed patch.
  * Update the ubuntu-mouse patch.
 -- Matthias Klose <email address hidden> Wed, 18 Nov 2020 21:03:57 +0100
-
vim (2:8.2.1913-1ubuntu1) hirsute; urgency=low
  * Merge from Debian unstable. Remaining changes:
    - debian/runtime/vimrc:
      + "syntax on" is a sane default for non-tiny vim.
    - debian/patches/debian/ubuntu-grub-syntax.patch:
      + Add Ubuntu-specific "quiet" keyword.
    - debian/patches/debian/update-upstart-syntax.patch:
      + Add setuid and setgid to syntax file.
    - debian/patches/ubuntu-mouse-off.patch:
      + Mouse mode is actively harmful in some chroots.
    - Increase Test_mode_message_at_leaving_insert_with_esc_mapped timeout
      for riscv64.
    - debian/patches/ubuntu-series-support.patch:
      + Add hirsute, move eoan to unsupported
vim (2:8.2.1913-1) unstable; urgency=medium
  [ James McCoy ]
  * Merge upstream tag v8.2.1913
    + syntax/sh.vim: Highlight "local var" appropriately when /bin/sh is dash.
      (Closes: #796282)
    + plugin/netrwPlugin.vim: Fix directory navigation with
      g:netrw_liststyle=3 and g:netrw_list_hide='^\..*'. (Closes: #942549)
    + 8.2.1909: Remove the limit on items in 'statusline' (Closes: #688258)
    + 8.2.1912: Fix test failures with Python 3 >= 3.9 (Closes: #972777)
  * rules: Provide path to vim when building vim.pot
  * Add procps and cscope to (autopkg)test Depends
  * d/tests: Use dpkg-query rather than dpkg-parsechangelog to get upstream version
  * d/tests: Use runtime/ from source tree
  * d/tests: Force TERM=xterm when running upstreamtest
  * Stop installing vim2html.pl
  * Stop installing README.txt files in vim-runtime
  * Lintian
    + Add national-encoding overrides for files intentionally in non-UTF8
      encodings
    + Add package-contains-documentation-outside-usr-share-doc overrides for
      builtin help
    + Rename binary-without-manpage override to no-manual-page
    + Rename manpage-without-executable override to spare-manual-page
    + Override repeated-path-segment for dvorak plugin
    + Add package-contains-documentation-outside-usr-share-doc override for
      rgb.txt
  [ Pino Toscano ]
  * Remove unused XPM icons.
  * Remove do not ship gvim.svg in /usr/share/pixmaps.
 -- Brian Murray <email address hidden> Mon, 09 Nov 2020 12:42:28 -0800
-
vim (2:8.2.0716-3ubuntu3) hirsute; urgency=medium
  * No-change rebuild for the perl update.
 -- Matthias Klose <email address hidden> Mon, 09 Nov 2020 10:51:46 +0100
-
vim (2:8.2.0716-3ubuntu2) groovy; urgency=medium
  * Disable tests on riscv64
 -- Balint Reczey <email address hidden> Tue, 11 Aug 2020 19:00:59 +0200