Change logs for vim source package in Kinetic

  • vim (2:9.0.0242-1ubuntu1.4) kinetic-security; urgency=medium
    
      * SECURITY UPDATE: use of out-of-range pointer offset when fuzzy matching
        - debian/patches/CVE-2023-2426.patch: initialize the arrays used to store
          match positions.
        - CVE-2023-2426
      * SECURITY UPDATE: NULL pointer dereference when processing register content
        - debian/patches/CVE-2023-2609.patch: check "y_array" is not NULL.
        - CVE-2023-2609
      * SECURITY UPDATE: integer overflow and excessive memory consumption when
        allocating memory for tilde processing in pattern
        - debian/patches/CVE-2023-2610.patch: limit the text length to MAXCOL.
        - CVE-2023-2610
    
     -- Camila Camargo de Matos <email address hidden>  Wed, 24 May 2023 11:27:18 -0300
  • vim (2:9.0.0242-1ubuntu1.3) kinetic-security; urgency=medium
    
      * SECURITY UPDATE: use after free
        - debian/patches/CVE-2022-2946.patch: using freed memory when 'tagfunc'
          deletes the buffer
        - CVE-2022-2946
      * SECURITY UPDATE: null pointer dereference issue
        - debian/patches/CVE-2022-2980.patch: crash with mouse click when not
          initialized
        - CVE-2022-2980
    
     -- Nishit Majithia <email address hidden>  Mon, 03 Apr 2023 14:28:05 +0530
  • vim (2:9.0.0242-1ubuntu1.2) kinetic-security; urgency=medium
    
      * SECURITY UPDATE: NULL pointer dereference when creating blank mouse
        pointer
        - debian/patches/CVE-2022-47024.patch: only use the return value of
          XChangeGC() when it is not NULL.
        - CVE-2022-47024
      * SECURITY UPDATE: invalid memory access with bad 'statusline' value
        - debian/patches/CVE-2023-0049.patch: avoid going over the NULL at the end
          of a statusline.
        - CVE-2023-0049
      * SECURITY UPDATE: invalid memory access with recursive substitute
        expression
        - debian/patches/CVE-2023-0054.patch: check the return value of
          vim_regsub().
        - CVE-2023-0054
      * SECURITY UPDATE: invalid memory access with folding and using "L"
        - debian/patches/CVE-2023-0288.patch: prevent the cursor from moving to
          line zero.
        - CVE-2023-0288
      * SECURITY UPDATE: reading past the end of a line when formatting text
        - debian/patches/CVE-2023-0433.patch: check for not going over the end of
          the line.
        - CVE-2023-0433
      * SECURITY UPDATE: heap based buffer overflow vulnerability
        - debian/patches/CVE-2023-0051.patch: reading beyond text
        - debian/patches/CVE-2023-1170.patch: accessing invalid memory with put
          in Visual block mode
        - CVE-2023-0051
        - CVE-2023-1170
      * SECURITY UPDATE: incorrect calculation of buffer size
        - debian/patches/CVE-2023-1175.patch: illegal memory access when using
          virtual editing
        - CVE-2023-1175
      * SECURITY UPDATE: NULL pointer dereference vulnerability
        - debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
          :open command
        - CVE-2023-1264
    
     -- Nishit Majithia <email address hidden>  Fri, 17 Mar 2023 17:54:05 +0530
  • vim (2:9.0.0242-1ubuntu1.1) kinetic; urgency=medium
    
      * Update supported Ubuntu and Debian codenames (LP: #1996087).
    
     -- Simon Quigley <email address hidden>  Wed, 09 Nov 2022 18:06:46 +0100
  • vim (2:9.0.0242-1ubuntu1) kinetic; urgency=low
    
      * Merge from Debian unstable. Remaining changes:
        + debian/runtime/vimrc:
          "syntax on" is a sane default for non-tiny vim.
        + debian/patches/debian/ubuntu-grub-syntax.patch:
          Add Ubuntu-specific "quiet" keyword.
        + debian/patches/ubuntu-mouse-off.patch:
          Mouse mode is actively harmful in some chroots.
        + debian/patches/patches/increase_timeout.diff:
          Increase timeout for the Test_pattern_compile_speed patch.
        + debian/patches/0001-fix-flaky-terminal-mode-test.vim: Fix flaky vim
          terminal mode test
        + debian/patches/0002-disable-failing-tests-on-ppc64.patch: Disable some
          tests that were throwing an ENOMEM during build on ppc64el. The tests
          are only disabled when building on ppc64el.
    
    vim (2:9.0.0242-1) unstable; urgency=medium
    
      * Merge upstream patch v9.0.0242
        + 9.0.241/242: Install the shared syntax files (Closes: #1017856)
      * Add historic changelog entry for #947120 fix
      * Adjust lintian overrides for new []-format
      * Declare compliance with Policy 4.6.1, no changes needed
    
    vim (2:9.0.0229-1) unstable; urgency=medium
    
      * Merge upstream patch v9.0.0229
        + Various CVE fixes
          - 9.0.0211: invalid memory access when compiling :lockvar, CVE-2022-2819
          - 9.0.0212: invalid memory access when compiling :unlet, CVE-2022-2816
          - 9.0.0213: using freed memory with error in assert argument,
            CVE-2022-2817
          - 9.0.0218: reading before the start of the line, CVE-2022-2845
          - 9.0.0220: invalid memory access with for loop over NULL string,
            CVE-2022-2849
          - 9.0.0221: accessing freed memory if compiling nested function fails,
            CVE-2022-2862
          - 9.0.0225: using freed memory with multiple line breaks in expression,
            CVE-2022-2889
      * Add Recommends: xxd to vim-common
      * Minor fixes for vim-tiny's fake help file (Closes: #1017715)
      * Revert "Temporarily skip Test_Debugger_breakadd_expr", test fixed upstream
    
     -- Steve Langasek <email address hidden>  Tue, 23 Aug 2022 13:18:58 -0700
  • vim (2:9.0.0135-1ubuntu1) kinetic; urgency=low
    
      * Merge from Debian unstable. Remaining changes:
        + debian/runtime/vimrc:
          "syntax on" is a sane default for non-tiny vim.
        + debian/patches/debian/ubuntu-grub-syntax.patch:
          Add Ubuntu-specific "quiet" keyword.
        + debian/patches/ubuntu-mouse-off.patch:
          Mouse mode is actively harmful in some chroots.
        + debian/patches/patches/increase_timeout.diff:
          Increase timeout for the Test_pattern_compile_speed patch.
        + debian/patches/0001-fix-flaky-terminal-mode-test.vim: Fix flaky vim
          terminal mode test
        + debian/patches/0002-disable-failing-tests-on-ppc64.patch: Disable some
          tests that were throwing an ENOMEM during build on ppc64el. The tests
          are only disabled when building on ppc64el.
      * Dropped, no longer needed:
        + debian/patches/debian/update-upstart-syntax.patch: we no longer
          support upstart; no reason to carry a patch to an editor to improve
          syntax highlighting for upstart files.
        + debian/patches/ubuntu-fix-ftbfs.patch: Resolve FTBFS in kinetic
    
    vim (2:9.0.0135-1) unstable; urgency=medium
    
      * Merge upstream patch v8.2.5172
        + ftplugin/perl.vim: Only add : to 'isfname' in Perl buffers.  (Closes:
          #761800)
        + ftplugin/tap.vim: Set fold-related options local to the buffer. (Closes:
          #954113)
        + syntax/debcontrol.vim: Fix highlighting of sections with a slash (e.g.,
          "non-free/utils").  (Closes: #1010839)
        + syntax/tap.vim: Match TODO/SKIP markers case-insensitively. (Closes:
          #954016)
        + syntax/perl.vim: Properly highlight code on the same line as the start
          of a here-doc block.  (Closes: #136455)
        + Various CVE fixes (Closes: #1015984, #1016068)
          - 8.2.5043: can open a cmdline window from a substitute expression,
            CVE-2022-1942
          - 8.2.5050: using freed memory when searching for pattern in path,
            CVE-2022-1968
          - 8.2.5063: error for a command may go over the end of IObuff,
            CVE-2022-2000
          - 8.2.5120: searching for quotes may go over the end of the line,
            CVE-2022-2124
          - 8.2.5122: lisp indenting may run over the end of the line,
            CVE-2022-2125
          - 8.2.5123: using invalid index when looking for spell suggestions,
            CVE-2022-2126
          - 8.2.5126: substitute may overrun destination buffer, CVE-2022-2129
          - 9.0.0018: going over the end of the typeahead, CVE-2022-2285
          - 9.0.0025: accessing beyond allocated memory with the cmdline window,
            CVE-2022-2288
          - 9.0.0035: spell dump may go beyond end of an array, CVE-2022-2304
          - 8.2.5162: reading before the start of the line with BS in Replace
            mode, CVE-2022-2207
          - 8.2.4895: buffer overflow with invalid command with composing chars,
            CVE-2022-1616
          - 8.2.4899: with latin1 encoding CTRL-W might go before the cmdline,
            CVE-2022-1619
          - 8.2.4919: can add invalid bytes with :spellgood, CVE-2022-1621
          - 8.2.4956: reading past end of line with "gf" in Visual block mode,
            CVE-2022-1720
          - 8.2.4977: memory access error when substitute expression changes
            window, CVE-2022-1785
          - 8.2.5013: after text formatting cursor may be in an invalid position,
            CVE-2022-1851
          - 8.2.5023: substitute overwrites allocated buffer, CVE-2022-1897
          - 8.2.5024: using freed memory with "]d", CVE-2022-1898
          - 9.0.0060: accessing uninitialized memory when completing long line,
            CVE-2022-2522
      * Temporarily skip Test_Debugger_breakadd_expr
    
     -- Steve Langasek <email address hidden>  Tue, 16 Aug 2022 09:32:41 -0700
  • vim (2:8.2.5166-0ubuntu1) kinetic; urgency=medium
    
      * New upstream version.
    
     -- Simon Quigley <email address hidden>  Sun, 26 Jun 2022 22:22:46 -0500
  • vim (2:8.2.4793-1ubuntu2) kinetic; urgency=medium
    
      * Resolve FTBFS in kinetic (LP: #1979336)
    
     -- William 'jawn-smith' Wilson <email address hidden>  Tue, 21 Jun 2022 09:44:32 -0500
  • vim (2:8.2.4793-1ubuntu1) kinetic; urgency=medium
    
      * Merge from Debian unstable, remaining changes:
        + debian/runtime/vimrc:
          "syntax on" is a sane default for non-tiny vim.
        + debian/patches/debian/ubuntu-grub-syntax.patch:
          Add Ubuntu-specific "quiet" keyword.
        + debian/patches/debian/update-upstart-syntax.patch:
          Add setuid and setgid to syntax file.
        + debian/patches/ubuntu-mouse-off.patch:
          Mouse mode is actively harmful in some chroots.
        + debian/patches/patches/increase_timeout.diff:
          Increase timeout for the Test_pattern_compile_speed patch.
      * Update my patch adding Kinetic given the new upstream changes. The patch
        only adds Kinetic at this point.
    
    vim (2:8.2.4793-1) unstable; urgency=medium
    
      * Merge upstream patch v8.2.4793
    
    vim (2:8.2.4659-1) unstable; urgency=medium
    
      * Merge upstream patch v8.2.4659
        + 8.2.4151: reading beyond end of a line (Closes: #1004859, CVE-2022-0318)
        + autoload/phpcomplete.vim: Fix E565 error in omni-completion (Closes:
          #1008710)
      * Remove outdated NEWS and README.Debian entries
      * README.Debian: Fix links to vim-policy
      * Improve docs about purpose and effect of defaults.vim (Closes: #856273)
      * Define system (g)vimrc location as /etc/vim/(g)vimrc, rather than
        symlinking from /usr/share/vim/(g)vimrc -> /etc/vim/(g)vimrc.
      * Replace vim-athena with vim-motif, Athena GUI deprecated upstream
      * Remove lintian override for rgb.txt, removed upstream
      * Declare compliance with Policy 4.6.0, no changes needed
      * Remove vim-gtk transitional package
    
     -- Simon Quigley <email address hidden>  Sat, 11 Jun 2022 15:25:56 -0400
  • vim (2:8.2.3995-1ubuntu3) kinetic; urgency=medium
    
      * Add ubuntu-kinetic.patch, which drops Hirsute from the supported releases
        and adds Kinetic to the supported releases.
    
     -- Simon Quigley <email address hidden>  Fri, 29 Apr 2022 04:04:08 -0500
  • vim (2:8.2.3995-1ubuntu2) jammy; urgency=medium
    
      * Disable some tests that were throwing an ENOMEM during build on
        ppc64el. The tests are only disabled when building on ppc64el.
    
     -- William 'jawn-smith' Wilson <email address hidden>  Mon, 18 Apr 2022 14:26:30 -0500