-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Jul 2019 01:05:10 -0400 Source: neovim Architecture: source Version: 0.1.7-4+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Vim Maintainers Changed-By: James McCoy Closes: 930024 Changes: neovim (0.1.7-4+deb9u1) stretch-security; urgency=high . * Backport upstream patches to address CVE-2019-12735 (Closes: #930024) + vim-patch-8.0.0649 and vim-patch-8.0.0650: autocmd open help 2 times + vim-patch:8.1.0066: nasty autocommand causes using freed memory + vim-patch:8.1.0067: syntax highlighting not working when re-entering a buffer + vim-patch:8.1.0177: defining function in sandbox is inconsistent + vim-patch:8.1.0189: function defined in sandbox not tested + vim-patch:8.1.0205: invalid memory access with invalid modeline + vim-patch:8.1.0506: modeline test fails when run by root + vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command + vim-patch:8.1.0539: cannot build without the sandbox + vim-patch:8.1.0540: may evaluate insecure value when appending to option + vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error + vim-patch:8.1.0546: modeline test with keymap fails + vim-patch:8.1.0547: modeline test with keymap still fails + vim-patch:8.1.0613: when executing an insecure function the secure flag is stuck + vim-patch:8.1.1046: the "secure" variable is used inconsistently + vim-patch:8.1.1365: :source should check sandbox + vim-patch:8.1.1366: using expressions in a modeline is unsafe + vim-patch:8.1.1367: can set 'modelineexpr' in modeline + vim-patch:8.1.1368: modeline test fails with python but without pythonhome + vim-patch:8.1.1382: error when editing test file + vim-patch:8.1.1401: misspelled mkspellmem as makespellmem Checksums-Sha1: 3fbc530c2c04e4d248b2d04c35bfdd04f1828924 2686 neovim_0.1.7-4+deb9u1.dsc be36bf8b80a37de7d2321fe9e8dc110331840006 7601279 neovim_0.1.7.orig.tar.gz 7d48778fcb3fc7c4901a48fd66c3bef46333a5f5 36020 neovim_0.1.7-4+deb9u1.debian.tar.xz 6d2551703b19ce8a8e22ca0d9c438e7c087e1d4e 8012 neovim_0.1.7-4+deb9u1_source.buildinfo Checksums-Sha256: 74aa8412d3403f335ce3ded2ca90d63970d661fc3564f3f3d46b487e0a2f4a46 2686 neovim_0.1.7-4+deb9u1.dsc d59b2e7d3e8756367bc8e3890fd5e1008e45f90e85c6a0f7d251b3889d756506 7601279 neovim_0.1.7.orig.tar.gz 358d52252262e6d22b89a467b0bff305ceadf99abcc109ff3208f900bd5fec6e 36020 neovim_0.1.7-4+deb9u1.debian.tar.xz c0de4b237afc1edbe62611c0b83bb4b2024fd6665591e16f77cfab9319a37f4e 8012 neovim_0.1.7-4+deb9u1_source.buildinfo Files: 34feacd0d01ff0d507dc781087cb9a32 2686 editors extra neovim_0.1.7-4+deb9u1.dsc 43b6ce7ff1c795acc2c4ac9d7e2ef9df 7601279 editors extra neovim_0.1.7.orig.tar.gz 1bff0da302dd0fca8adf7ec05426c053 36020 editors extra neovim_0.1.7-4+deb9u1.debian.tar.xz f75432bbc5b540de72a91d5f1567d372 8012 editors extra neovim_0.1.7-4+deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKoBAEBCgCSFiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAl02VnhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIUHGphbWVzc2Fu QGRlYmlhbi5vcmcACgkQ3+aRrjMbo9vOVxAAjrse3+BS/ulNx/kSy3v8tbJYq88B XNM22IbsN1CDbsCNByXnS8k0qzAoYl3xCWtVioG2+NEHqvQmPlfj4VD/3+OZdrWs 2KzkeF8OXXjJMqT+SgRHr66vfwXcQIzKewye1vBu0KVhTp/1sDmZWUdL4Di9+9JF 2UvRdVCA9LMPyfqOedK8GQfigwfMDob70sCAd2sPSvYqWg1g2Com6jKHKA48tLy8 eP5oLoJatOI5zg4Ym5Q9+Djhe8PumemqkTRrnNX6JCTxa5NRbkpj/H7BqUVKMhNt kA69N1qAiVdPmeVE5YmdBG679qZF4/8FVctG7pIkcOq5vJQTIDIoQJ/sMC0BYCpQ 8W0aij0uNp3xHQhuep9DrAme2wACXMZZAJ4WqgJJ5l4lVhbRbQk9fAI7n/HcNWHU C3YZWsb8uT25UsClkeUOjUqYG5KT5uavGieNZGPPWEY2kalenEl47FH5sTOZRuMm huR7aKnC0nW19RWm85Oog5smz0aU5XncQd/qrfIbHqLhLhAxkvCLSVmr9vb/4wVH FHoO+hPi2UwKe8fLfywaA8nA/96xuqJ+U/bbgslvqOz6zjAo27cw0cPpuvCyi8b4 +HnC5RUnkmQLZIpn/516Vfy4VqQqGbv3cfF9lA+0xAogyFidk7rB1+LsSDua0WPp oscjkDF8NQCXLPo= =2kH3 -----END PGP SIGNATURE-----