[ubuntu/plucky-proposed] vim 2:9.1.0967-1ubuntu4 (Accepted)

[Hlib Korzhynskyy]

vim (2:9.1.0967-1ubuntu4) plucky; urgency=medium

  * SECURITY UPDATE: Crash when file is inaccessible with log option.
    - debian/patches/CVE-2025-1215.patch: Split common_init to common_init_1
      and common_init_2 in ./src/main.c.
    - CVE-2025-1215
  * SECURITY UPDATE: Denial of service.
    - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()
      in files src/gui.c, src/testdir/crash/ex_redraw_crash,
      src/testdir/test_crash.vim.
    - CVE-2025-24014
  * SECURITY UPDATE: Use after free when redirecting display command to
    register.
    - debian/patches/CVE-2025-26603.patch: Change redir_reg check to use
      vim_strchr command check in ./src/register.c.
    - CVE-2025-26603
  * SECURITY UPDATE: Code execution when editing tar files.
    - debian/patches/CVE-2025-27423.patch: Use escape_file instead of fname in
      ./runtime/autoload/tar.vim.
    - CVE-2025-27423
  * SECURITY UPDATE: Data loss when extracting special zip files.
    - debian/patches/CVE-2025-29768.patch: Substitute special characters in
      ./runtime/autoload/zip.vim.
    - CVE-2025-29768

Date: Thu, 03 Apr 2025 11:38:49 -0230
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:9.1.0967-1ubuntu4
-------------- next part --------------
Format: 1.8
Date: Thu, 03 Apr 2025 11:38:49 -0230
Source: vim
Built-For-Profiles: noudeb
Architecture: source
Version: 2:9.1.0967-1ubuntu4
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Changes:
 vim (2:9.1.0967-1ubuntu4) plucky; urgency=medium
 .
   * SECURITY UPDATE: Crash when file is inaccessible with log option.
     - debian/patches/CVE-2025-1215.patch: Split common_init to common_init_1
       and common_init_2 in ./src/main.c.
     - CVE-2025-1215
   * SECURITY UPDATE: Denial of service.
     - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()
       in files src/gui.c, src/testdir/crash/ex_redraw_crash,
       src/testdir/test_crash.vim.
     - CVE-2025-24014
   * SECURITY UPDATE: Use after free when redirecting display command to
     register.
     - debian/patches/CVE-2025-26603.patch: Change redir_reg check to use
       vim_strchr command check in ./src/register.c.
     - CVE-2025-26603
   * SECURITY UPDATE: Code execution when editing tar files.
     - debian/patches/CVE-2025-27423.patch: Use escape_file instead of fname in
       ./runtime/autoload/tar.vim.
     - CVE-2025-27423
   * SECURITY UPDATE: Data loss when extracting special zip files.
     - debian/patches/CVE-2025-29768.patch: Substitute special characters in
       ./runtime/autoload/zip.vim.
     - CVE-2025-29768
Checksums-Sha1:
 3e356353ebf37b908767fad4c20b8210e8732bd3 3065 vim_9.1.0967-1ubuntu4.dsc
 9e4914557dc8ee09a2ee26887cb9525d64fb18ff 212088 vim_9.1.0967-1ubuntu4.debian.tar.xz
 bb00e088d33b48b6c64c6d8503da3b72545df21c 17185 vim_9.1.0967-1ubuntu4_source.buildinfo
Checksums-Sha256:
 4420b7d4a4443e17d16bda1cfe53416b72ae3255dcf7d99762b1014455d785e8 3065 vim_9.1.0967-1ubuntu4.dsc
 3b5e67f253a676f9bc3470e55a0f009b1b58e5c3d7f1fbc02fceff48f78d1b65 212088 vim_9.1.0967-1ubuntu4.debian.tar.xz
 3477ca0c5cf8283b59d745a2b5e5f7f34de0069995eb39aa072d9148568dd12a 17185 vim_9.1.0967-1ubuntu4_source.buildinfo
Files:
 9d7863f2fe4451b68a54a578a1943caf 3065 editors optional vim_9.1.0967-1ubuntu4.dsc
 d3a8fbbbffef8905cb84f84484c5c6f4 212088 editors optional vim_9.1.0967-1ubuntu4.debian.tar.xz
 cdecb9cbf5756d3afe9677e4fe3882a6 17185 editors optional vim_9.1.0967-1ubuntu4_source.buildinfo
Original-Maintainer: Debian Vim Maintainers <team+vim at tracker.debian.org>