-
vim (2:9.0.1672-1ubuntu2.4) mantic; urgency=medium
* Ensure Ubuntu codenames are current (LP: #2064687).
-- Simon Quigley <email address hidden> Thu, 02 May 2024 21:44:37 -0500
-
vim (2:9.0.1672-1ubuntu2.3) mantic-security; urgency=medium
* SECURITY UPDATE: stack based buffer overflow
- debian/patches/CVE-2024-22667.patch: passes error buffer length down
through option callback functions.
- CVE-2024-22667
-- Ian Constantin <email address hidden> Thu, 14 Mar 2024 15:39:48 +0200
-
vim (2:9.0.1672-1ubuntu2.2) mantic-security; urgency=medium
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-46246.patch: Check that the return value from the
vim_str2nr() function is not larger than INT_MAX and if yes, bail out with
an error.
- CVE-2023-46246
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-48231.patch: If the current window structure is
no longer valid, fail and return before attempting to set win->w_closing
variable.
- CVE-2023-48231
* SECURITY UPDATE: division by zero
- debian/patches/CVE-2023-48232-*.patch: Prevent a floating point exception
when calculating w_skipcol (which can happen with a small window when the
number option is set and cpo+=n).
- CVE-2023-48232
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48233.patch: If the count after the :s command is
larger than what fits into a (signed) long variable, abort with
e_value_too_large.
- CVE-2023-48233
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48234.patch: When getting the count for a normal z
command, it may overflow for large counts given. So verify, that we can
safely store the result in a long.
- CVE-2023-48234
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48235.patch: When parsing relative ex addresses
one may unintentionally cause an overflow (because LONG_MAX - lnum will
overflow for negative addresses).
- CVE-2023-48235
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48236.patch: When using the z= command, we may
overflow the count with values larger than MAX_INT. So verify that we do
not overflow and in case when an overflow is detected, simply return 0.
- CVE-2023-48236
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48237.patch: When shifting lines in operator
pending mode and using a very large value, we may overflow the size of
integer. Fix this by using a long variable, testing if the result would
be larger than INT_MAX and if so, indent by INT_MAX value.
- CVE-2023-48237
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-48706.patch: ensure that the sub var always using
allocated memory.
- CVE-2023-48706
-- Fabian Toepfer <email address hidden> Mon, 04 Dec 2023 13:42:16 +0100
-
vim (2:9.0.1672-1ubuntu2.1) mantic-security; urgency=medium
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-4733.patch: Verify oldwin pointer after
reset_VIsual() in do_ecmd.
- CVE-2023-4733
* SECURITY UPDATE: integer overflow vulnerability
- debian/patches/CVE-2023-4734.patch: Check for typeval correctly in
f_fullcommand.
- CVE-2023-4734
* SECURITY UPDATE: out of bounds write vulnerability
- debian/patches/CVE-2023-4735.patch: Add check for buffer size to avoid
overflow in do_addsub.
- CVE-2023-4735
* SECURITY UPDATE: buffer overflow vulnerability
- debian/patches/CVE-2023-4738.patch: Check remaining space in
vim_regsub_both.
- CVE-2023-4738
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-4750.patch: Check buffer is valid before
accessing it.
- CVE-2023-4750
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-4752.patch: validate buffer before accessing it
in ins_compl_get_exp.
- CVE-2023-4752
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2023-4781.patch: Disallow exchanging windows when
textlock is active in vim_regsub_both.
- CVE-2023-4781
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2023-5344.patch: Add NULL at end of buffer in
trunc_string.
- CVE-2023-5344
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-5441.patch: skip gui_scroll when exmode_active
in gui_do_scroll.
- CVE-2023-5441
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-5535.patch: block autocommands in
buf_contents_changed.
- CVE-2023-5535
-- Fabian Toepfer <email address hidden> Mon, 16 Oct 2023 20:21:01 +0200
-
vim (2:9.0.1672-1ubuntu2) mantic; urgency=medium
* debian/patches/0002-disable-failing-tests-on-ppc64.patch (LP: #2033072)
- Skip few more tests failing on ppc64el due to sodium_mlock().
Some of them also failed on arm64 and armd64 during tests with a PPA, so
skip them on those archs as well.
-- Danilo Egea Gondolfo <email address hidden> Fri, 25 Aug 2023 13:17:49 +0100
-
vim (2:9.0.1672-1ubuntu1) mantic; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
vim (2:9.0.1672-1) unstable; urgency=medium
* Merge upstream patch v9.0.1672
* Remove check for DEB_BUILD_OPTIONS=nocheck, since dh_auto_test handles it now
* Skip Test_uncrypt_xchacha20 tests on big endian systems
vim (2:9.0.1658-1) unstable; urgency=medium
* Merge upstream patch v9.0.1658
+ Vulnerability fixes
- 9.0.1392: Using NULL pointer with nested :open command, CVE-2023-1264
- 9.0.1402: Crash when using null_class, CVE-2023-1355
- 9.0.1531: Crash when register contents ends up being invalid,
CVE-2023-2609
- 9.0.1532: Crash when expanding "~" in substitute causes very long
text, (Closes: #1035955, CVE-2023-2610)
+ 9.0.1409: Racket files are recognized as their own filetype, rather than
as scheme
+ 9.0.1619: Always recognize the codes for focus gained/lost, even if Vim
doesn't expect the terminal to support them. (Closes: #1038401)
+ Document behavior of C-x / C-a on numbers outside the range of a 64-bit
value. (Closes: #1031256)
* Refresh patches, dropping backport of v9.0.1499
* Include uganda.txt, sponsor.txt, and versionX.txt in vim-common so the
intro screen has functional help links when only vim-tiny and vim-common
are installed
* Declare compliance with Policy 4.6.2, no changes needed
* Remove non-functional diversion handling in vim-runtime.postinst
-- Julian Andres Klode <email address hidden> Tue, 25 Jul 2023 13:58:43 +0200
-
vim (2:9.0.1658-1ubuntu1) mantic; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
* Dropped changes:
- Remove the CVE patches, included upstream
vim (2:9.0.1658-1) unstable; urgency=medium
* Merge upstream patch v9.0.1658
+ Vulnerability fixes
- 9.0.1392: Using NULL pointer with nested :open command, CVE-2023-1264
- 9.0.1402: Crash when using null_class, CVE-2023-1355
- 9.0.1531: Crash when register contents ends up being invalid,
CVE-2023-2609
- 9.0.1532: Crash when expanding "~" in substitute causes very long
text, (Closes: #1035955, CVE-2023-2610)
+ 9.0.1409: Racket files are recognized as their own filetype, rather than
as scheme
+ 9.0.1619: Always recognize the codes for focus gained/lost, even if Vim
doesn't expect the terminal to support them. (Closes: #1038401)
+ Document behavior of C-x / C-a on numbers outside the range of a 64-bit
value. (Closes: #1031256)
* Refresh patches, dropping backport of v9.0.1499
* Include uganda.txt, sponsor.txt, and versionX.txt in vim-common so the
intro screen has functional help links when only vim-tiny and vim-common
are installed
* Declare compliance with Policy 4.6.2, no changes needed
* Remove non-functional diversion handling in vim-runtime.postinst
-- Julian Andres Klode <email address hidden> Mon, 03 Jul 2023 16:21:02 +0200
-
vim (2:9.0.1378-2ubuntu2) mantic; urgency=medium
* SECURITY UPDATE: NULL pointer dereference when processing register content
- debian/patches/CVE-2023-2609.patch: check "y_array" is not NULL.
- CVE-2023-2609
* SECURITY UPDATE: integer overflow and excessive memory consumption when
allocating memory for tilde processing in pattern
- debian/patches/CVE-2023-2610.patch: limit the text length to MAXCOL.
- CVE-2023-2610
-- Camila Camargo de Matos <email address hidden> Wed, 24 May 2023 11:10:23 -0300
-
vim (2:9.0.1378-2ubuntu1) mantic; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
- SECURITY UPDATE: NULL pointer dereference vulnerability
+ debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
:open command
+ CVE-2023-1264
- SECURITY UPDATE: NULL pointer dereference vulnerability
+ debian/patches/CVE-2023-1355.patch
+ CVE-2023-1355
* Welcome to the Mantic Minotaur!
vim (2:9.0.1378-2) unstable; urgency=medium
* Backport 9.0.1499 to fix CVE-2023-2426 (Closes: #1035323)
* Backport fix for indenting of Perl subroutines (Closes: #1034529)
-- Simon Quigley <email address hidden> Wed, 10 May 2023 11:28:16 -0500
-
vim (2:9.0.1378-1ubuntu1) mantic; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- debian/runtime/vimrc:
+ "syntax on" is a sane default for non-tiny Vim.
- debian/patches/debian/ubuntu-grub-syntax.patch:
+ Add Ubuntu-specific "quiet" keyword.
- debian/patches/ubuntu-mouse-off.patch:
+ Mouse mode is actively harmful in some chroots.
- debian/patches/patches/increase_timeout.diff:
+ Increase timeout for the Test_pattern_compile_speed patch.
- debian/patches/0001-fix-flaky-terminal-mode-test.vim:
+ Fix flaky Vim terminal mode test.
- debian/patches/0002-disable-failing-tests-on-ppc64.patch:
+ Disable some tests that were throwing an ENOMEM during build on
ppc64el. The tests are only disabled when building on ppc64el.
- SECURITY UPDATE: NULL pointer dereference vulnerability
+ debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
:open command
+ CVE-2023-1264
* SECURITY UPDATE: NULL pointer dereference vulnerability
- debian/patches/CVE-2023-1355.patch
- CVE-2023-1355
vim (2:9.0.1378-1) unstable; urgency=medium
* Merge upstream patch v9.0.1378
+ Vulnerability fixes
- 9.0.1143: Invalid memory access with bad 'statusline' value,
CVE-2023-0049
- 9.0.1144: Reading beyond text, CVE-2023-0051
- 9.0.1145: Invalid memory access with recursive substitute expression,
(Closes: #1031875, CVE-2023-0054)
- 9.0.1189: Invalid memory access with folding and using "L",
CVE-2023-0288
- 9.0.1225: Reading past the end of a line when formatting text,
CVE-2023-0433
- 9.0.1247: Divide by zero with 'smoothscroll' set and a narrow window,
CVE-2023-0512
- 9.0.1367: Divide by zero in zero-width window, CVE-2023-1127
- 9.0.1376: Accessing invalid memory with put in Visual block mode,
CVE-2023-1170
+ 9.0.1073, 9.0.1080: Fix keyboard input/mapping support for some
terminals (e.g., foot and kitty). (Closes: #1029049)
+ 9.0.1213: Fix inconsistent behavior when adding text after a fold at the
end of the buffer (Closes: #868252)
+ syntax/2html.vim: Fix reference to undefined s:settings_no_doc variable
(Closes: #1030151)
+ syntax/debcontrol.vim, syntax/debsources.vim: Add support for
non-free-firmware. (Closes: #1029986)
-- Simon Quigley <email address hidden> Wed, 26 Apr 2023 16:25:45 -0500
-
vim (2:9.0.1000-4ubuntu3) lunar; urgency=medium
* Security upload for the devel series (LP: #2013211)
* SECURITY UPDATE: reading past the end of a line when formatting text
- debian/patches/CVE-2023-0433.patch: check for not going over the end of
the line.
- CVE-2023-0433
* SECURITY UPDATE: divide by zero issue
- debian/patches/CVE-2023-0512.patch: divide by zero with 'smoothscroll'
set and a narrow window
- debian/patches/CVE-2023-1127.patch: divide by zero in zero-width window
- CVE-2023-0512
- CVE-2023-1127
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2023-1170.patch: accessing invalid memory with put
in Visual block mode
- CVE-2023-1170
* SECURITY UPDATE: incorrect calculation of buffer size
- debian/patches/CVE-2023-1175.patch: illegal memory access when using
virtual editing
- CVE-2023-1175
* SECURITY UPDATE: NULL pointer dereference vulnerability
- debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
:open command
- CVE-2023-1264
-- Nishit Majithia <email address hidden> Wed, 29 Mar 2023 18:19:19 +0530
