[ubuntu/mantic-proposed] vim 2:9.0.1378-1ubuntu1 (Accepted)

Simon Quigley tsimonq2 at ubuntu.com
Mon May 1 09:15:31 UTC 2023 

vim (2:9.0.1378-1ubuntu1) mantic; urgency=medium

  * Merge from Debian Unstable. Remaining changes:
    - debian/runtime/vimrc:
      + "syntax on" is a sane default for non-tiny Vim.
    - debian/patches/debian/ubuntu-grub-syntax.patch:
      + Add Ubuntu-specific "quiet" keyword.
    - debian/patches/ubuntu-mouse-off.patch:
     + Mouse mode is actively harmful in some chroots.
    - debian/patches/patches/increase_timeout.diff:
      + Increase timeout for the Test_pattern_compile_speed patch.
    - debian/patches/0001-fix-flaky-terminal-mode-test.vim:
      + Fix flaky Vim terminal mode test.
    - debian/patches/0002-disable-failing-tests-on-ppc64.patch:
      + Disable some tests that were throwing an ENOMEM during build on
        ppc64el. The tests are only disabled when building on ppc64el.
    - SECURITY UPDATE: NULL pointer dereference vulnerability
      + debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
        :open command
      + CVE-2023-1264
  * SECURITY UPDATE: NULL pointer dereference vulnerability
    - debian/patches/CVE-2023-1355.patch
    - CVE-2023-1355

vim (2:9.0.1378-1) unstable; urgency=medium

  * Merge upstream patch v9.0.1378
    + Vulnerability fixes
      - 9.0.1143: Invalid memory access with bad 'statusline' value,
        CVE-2023-0049
      - 9.0.1144: Reading beyond text, CVE-2023-0051
      - 9.0.1145: Invalid memory access with recursive substitute expression,
        (Closes: #1031875, CVE-2023-0054)
      - 9.0.1189: Invalid memory access with folding and using "L",
        CVE-2023-0288
      - 9.0.1225: Reading past the end of a line when formatting text,
        CVE-2023-0433
      - 9.0.1247: Divide by zero with 'smoothscroll' set and a narrow window,
        CVE-2023-0512
      - 9.0.1367: Divide by zero in zero-width window, CVE-2023-1127
      - 9.0.1376: Accessing invalid memory with put in Visual block mode,
        CVE-2023-1170
    + 9.0.1073, 9.0.1080: Fix keyboard input/mapping support for some
      terminals (e.g., foot and kitty).  (Closes: #1029049)
    + 9.0.1213: Fix inconsistent behavior when adding text after a fold at the
      end of the buffer (Closes: #868252)
    + syntax/2html.vim: Fix reference to undefined s:settings_no_doc variable
      (Closes: #1030151)
    + syntax/debcontrol.vim, syntax/debsources.vim: Add support for
      non-free-firmware.  (Closes: #1029986)

Date: Wed, 26 Apr 2023 16:25:45 -0500
Changed-By: Simon Quigley <tsimonq2 at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/vim/2:9.0.1378-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 26 Apr 2023 16:25:45 -0500
Source: vim
Built-For-Profiles: noudeb
Architecture: source
Version: 2:9.0.1378-1ubuntu1
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Simon Quigley <tsimonq2 at ubuntu.com>
Closes: 868252 1029049 1029986 1030151 1031875
Changes:
 vim (2:9.0.1378-1ubuntu1) mantic; urgency=medium
 .
   * Merge from Debian Unstable. Remaining changes:
     - debian/runtime/vimrc:
       + "syntax on" is a sane default for non-tiny Vim.
     - debian/patches/debian/ubuntu-grub-syntax.patch:
       + Add Ubuntu-specific "quiet" keyword.
     - debian/patches/ubuntu-mouse-off.patch:
      + Mouse mode is actively harmful in some chroots.
     - debian/patches/patches/increase_timeout.diff:
       + Increase timeout for the Test_pattern_compile_speed patch.
     - debian/patches/0001-fix-flaky-terminal-mode-test.vim:
       + Fix flaky Vim terminal mode test.
     - debian/patches/0002-disable-failing-tests-on-ppc64.patch:
       + Disable some tests that were throwing an ENOMEM during build on
         ppc64el. The tests are only disabled when building on ppc64el.
     - SECURITY UPDATE: NULL pointer dereference vulnerability
       + debian/patches/CVE-2023-1264.patch: using NULL pointer with nested
         :open command
       + CVE-2023-1264
   * SECURITY UPDATE: NULL pointer dereference vulnerability
     - debian/patches/CVE-2023-1355.patch
     - CVE-2023-1355
 .
 vim (2:9.0.1378-1) unstable; urgency=medium
 .
   * Merge upstream patch v9.0.1378
     + Vulnerability fixes
       - 9.0.1143: Invalid memory access with bad 'statusline' value,
         CVE-2023-0049
       - 9.0.1144: Reading beyond text, CVE-2023-0051
       - 9.0.1145: Invalid memory access with recursive substitute expression,
         (Closes: #1031875, CVE-2023-0054)
       - 9.0.1189: Invalid memory access with folding and using "L",
         CVE-2023-0288
       - 9.0.1225: Reading past the end of a line when formatting text,
         CVE-2023-0433
       - 9.0.1247: Divide by zero with 'smoothscroll' set and a narrow window,
         CVE-2023-0512
       - 9.0.1367: Divide by zero in zero-width window, CVE-2023-1127
       - 9.0.1376: Accessing invalid memory with put in Visual block mode,
         CVE-2023-1170
     + 9.0.1073, 9.0.1080: Fix keyboard input/mapping support for some
       terminals (e.g., foot and kitty).  (Closes: #1029049)
     + 9.0.1213: Fix inconsistent behavior when adding text after a fold at the
       end of the buffer (Closes: #868252)
     + syntax/2html.vim: Fix reference to undefined s:settings_no_doc variable
       (Closes: #1030151)
     + syntax/debcontrol.vim, syntax/debsources.vim: Add support for
       non-free-firmware.  (Closes: #1029986)
Checksums-Sha1:
 831435352567fbf32746404bd1712875dd052da2 3041 vim_9.0.1378-1ubuntu1.dsc
 8638a129bdafafa1d950fa390064204cab7b6260 11109404 vim_9.0.1378.orig.tar.xz
 f07e74f906cf8a13c0025f052ac4cdeb4f772f22 196172 vim_9.0.1378-1ubuntu1.debian.tar.xz
 498023fd11ca0130e4c5fb76e4ae2f7f39412f07 8352 vim_9.0.1378-1ubuntu1_source.buildinfo
Checksums-Sha256:
 fe6db1df2484a339d0e3ca111dad144f658778c4a77e3ce7cea6e7d25b7952ec 3041 vim_9.0.1378-1ubuntu1.dsc
 6f20c108c0fe5dbcb00a00080b3607feb024a499de2c4d004de9c3bd74516523 11109404 vim_9.0.1378.orig.tar.xz
 37b4c896b5a109d7419d90396737173eeb5300dbbff423a557f6859999d83dd3 196172 vim_9.0.1378-1ubuntu1.debian.tar.xz
 19a32c601c912bed89a9adc751b0cdc92e8f01eae1ef2c3da421838345edf2a1 8352 vim_9.0.1378-1ubuntu1_source.buildinfo
Files:
 fdb9542fffc3871f8435a1bf474a8718 3041 editors optional vim_9.0.1378-1ubuntu1.dsc
 ec9c8390f880ca837751f294a8a277a0 11109404 editors optional vim_9.0.1378.orig.tar.xz
 3c0ebb38286f6beb633161c8eb151a4d 196172 editors optional vim_9.0.1378-1ubuntu1.debian.tar.xz
 492f0fe93201f61565e2cee407f740ba 8352 editors optional vim_9.0.1378-1ubuntu1_source.buildinfo
Original-Maintainer: Debian Vim Maintainers <team+vim at tracker.debian.org>

More information about the mantic-changes mailing list