-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Jul 2019 01:05:10 -0400 Source: neovim Binary: neovim neovim-runtime Architecture: i386 Version: 0.1.7-4+deb9u1 Distribution: stretch-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: James McCoy Description: neovim - heavily refactored vim fork neovim-runtime - heavily refactored vim fork (runtime files) Closes: 930024 Changes: neovim (0.1.7-4+deb9u1) stretch-security; urgency=high . * Backport upstream patches to address CVE-2019-12735 (Closes: #930024) + vim-patch-8.0.0649 and vim-patch-8.0.0650: autocmd open help 2 times + vim-patch:8.1.0066: nasty autocommand causes using freed memory + vim-patch:8.1.0067: syntax highlighting not working when re-entering a buffer + vim-patch:8.1.0177: defining function in sandbox is inconsistent + vim-patch:8.1.0189: function defined in sandbox not tested + vim-patch:8.1.0205: invalid memory access with invalid modeline + vim-patch:8.1.0506: modeline test fails when run by root + vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command + vim-patch:8.1.0539: cannot build without the sandbox + vim-patch:8.1.0540: may evaluate insecure value when appending to option + vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error + vim-patch:8.1.0546: modeline test with keymap fails + vim-patch:8.1.0547: modeline test with keymap still fails + vim-patch:8.1.0613: when executing an insecure function the secure flag is stuck + vim-patch:8.1.1046: the "secure" variable is used inconsistently + vim-patch:8.1.1365: :source should check sandbox + vim-patch:8.1.1366: using expressions in a modeline is unsafe + vim-patch:8.1.1367: can set 'modelineexpr' in modeline + vim-patch:8.1.1368: modeline test fails with python but without pythonhome + vim-patch:8.1.1382: error when editing test file + vim-patch:8.1.1401: misspelled mkspellmem as makespellmem Checksums-Sha1: 56f8036c7bc1cd017a691688ab2404ca7cb2aeca 3277210 neovim-dbgsym_0.1.7-4+deb9u1_i386.deb 28d25bebb5b3bb4eb4ec895fa7cbe5cb7e5cc1c1 7988 neovim_0.1.7-4+deb9u1_i386.buildinfo a14c105ae4cb618f6695de3447659360a9f6e237 1163366 neovim_0.1.7-4+deb9u1_i386.deb Checksums-Sha256: 5dfe34fcdc43c356f0b8909103a70735907d38812ea441e0fc04f1002aaa1c2e 3277210 neovim-dbgsym_0.1.7-4+deb9u1_i386.deb bd12c397792dad9bf3ba8b3fadb6c908c7ec70e5787948ecc7f2d880e8ca828e 7988 neovim_0.1.7-4+deb9u1_i386.buildinfo 9e9958b822d56a87a4940d37bc69c6da8c59ef9eb464deeb5e9c2f88d0bd4ff3 1163366 neovim_0.1.7-4+deb9u1_i386.deb Files: 109a27f0083d8f6325fa09d99df4c753 3277210 debug extra neovim-dbgsym_0.1.7-4+deb9u1_i386.deb 3172ea44aad05fc360c5840c07d9f968 7988 editors extra neovim_0.1.7-4+deb9u1_i386.buildinfo 5e62814270ce9ce818c80570531bb1db 1163366 editors extra neovim_0.1.7-4+deb9u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE56RkdImmGnu/qTMEtnmMmMOJfQ0FAl02XR0ACgkQtnmMmMOJ fQ28iA/9EkIaepFe4L+yBuu5MTogWfvwL5p2EDaAhjvFXLQ/vC7mr5Gvvfv71E9P KpiC/rzs/ewKWkev599cea005KI1vB8dmY7W3ExTAYcZZlb57zwY6QteLqShd8I6 h6PI8RX4ke4IApqNKoMyfa3O7XInnD71IbXbd5QHjWrsCaO+QAfdKQanARyinPWb wXsqYi5wqBuA0DvYzZVx6eQI/P/1lce/3S87klRO3AhrE+JEb5dp2tvy8mMioy6m U8NDi8UNKGkJRUmewlj8huqunaX3kCX4oXwl7SXLk8MKelF5wmfqgsLk5kIKGvmb kj2MHyqQF1xp26slNHXvy+E11ANrq4MZ/IDPtLMi0eEaUUwJTG9wbBcNew1Oe4sz 0u927enNBmG4RKYWKRY3f4jIrYERZm3cQ9itz4rAtCfXtvhYt4depYLFrLuLCgVS dBS+ddyX7vxQwvsQaqNiOxCykJeX2zkL7LJqbAxrV+MvKuFFWdK0TjtfeCUDbbWA oENf9DtN1reCt6+OP6QkgfDeVbtvAvba2mmcAziu9IDyigJhA5z7JPXXM2yVPuyR /JG72SCLEVC/TpsYIpXW8Ku71GaIpiHDd8CADgUBHpv4VvdsOe13Amc45OiQhQi9 ncy9o+8moLtFFUxkE+gnKlnRLXh5hE+CjzZenJCL3YpV4LI4lmo= =sytE -----END PGP SIGNATURE-----