-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 23 Jul 2019 21:17:43 -0400 Source: neovim Architecture: source Version: 0.3.4-3~bpo9+1 Distribution: stretch-backports Urgency: high Maintainer: Debian Vim Maintainers <team+vim@tracker.debian.org> Changed-By: James McCoy <jamessan@debian.org> Closes: 930024 Changes: neovim (0.3.4-3~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . neovim (0.3.4-3) unstable; urgency=high . * Backport additional changes to address CVE-2019-12735 (Closes: #930024) + vim-patch:8.1.0177: defining function in sandbox is inconsistent + vim-patch:8.1.0189: function defined in sandbox not tested + vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command + vim-patch:8.1.0539: cannot build without the sandbox + vim-patch:8.1.0540: may evaluate insecure value when appending to option + vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error + vim-patch:8.1.0613: when executing an insecure function the secure flag is stuck + vim-patch:8.1.1046: the "secure" variable is used inconsistently + vim-patch:8.1.0205: invalid memory access with invalid modeline + vim-patch:8.1.0206: duplicate test function name + vim-patch:8.1.0506: modeline test fails when run by root + vim-patch:8.1.0546: modeline test with keymap fails + vim-patch:8.1.0547: modeline test with keymap still fails + vim-patch:8.1.1366: using expressions in a modeline is unsafe + vim-patch:8.1.1367: can set 'modelineexpr' in modeline + vim-patch:8.1.1368: modeline test fails with python but without pythonhome + vim-patch:8.1.1382: error when editing test file + vim-patch:8.1.1401: misspelled mkspellmem as makespellmem * Backport patch to prevent use of nvim's API within the sandbox . neovim (0.3.4-2) unstable; urgency=high . [ Efraim Flashner ] * don't use luajit on powerpc . [ James McCoy ] * Use the system allocator instead of jemalloc . [ Justin M. Keyes ] * vim-patch:8.1.1365: :source should check sandbox (Closes: #930024, CVE-2019-12735) Checksums-Sha1: 18d9844330260a2ce8eccf0e827931e3ce1500dc 2709 neovim_0.3.4-3~bpo9+1.dsc d5145795a7880bbd1e5619b05fc99f6d732053cc 27004 neovim_0.3.4-3~bpo9+1.debian.tar.xz dc41977e7d579b3ff45ef780209e3d5adf59ed6d 8157 neovim_0.3.4-3~bpo9+1_source.buildinfo Checksums-Sha256: f011680a2c3f2b75bccf8fe104ad11660bdad913b1f2f46a5cf971032eeccf84 2709 neovim_0.3.4-3~bpo9+1.dsc b3d6b7af9ba12e1b4aff87f1cc3463f427c5db4601463e1119298331ce832a06 27004 neovim_0.3.4-3~bpo9+1.debian.tar.xz 54e20fd4d5a9f29505d2a79093c1ee1eec33aa578659b445be9ac0c7c78ab316 8157 neovim_0.3.4-3~bpo9+1_source.buildinfo Files: 231aa13e97aebe43f7ae167de4269dc6 2709 editors optional neovim_0.3.4-3~bpo9+1.dsc bf7a5a9dd396063d2915d39b2e488ce5 27004 editors optional neovim_0.3.4-3~bpo9+1.debian.tar.xz f75ca996011ae02f792bc35e47eff2b8 8157 editors optional neovim_0.3.4-3~bpo9+1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKoBAEBCgCSFiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAl03sk1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIUHGphbWVzc2Fu QGRlYmlhbi5vcmcACgkQ3+aRrjMbo9sQIA//YfXyk01r53crbTMP41Oz+VzrT+R+ OV3sgIpc1zv9A6vLLQigo8hchJ3cA1kEoHQAbuw2+xSdXU9dpbbOIV/A5VFcICzG IaRnG0Xyh8dzSU2DX3wpxVONTEQNzFVzH5Obx0DhAMpHw2CV4S4VMv1DL8uIh6cY tzZ7b3zt/HDYT+XRO1TiSnijpbmq/By5pZp+LyBO75fABXf0FsZwoMSGdR9g2w9s n35WpqGuEKmngK3LBBnLDgYl6yfUIHpm1i6rVJ3aHC4INcR69WVDGBJkHlNh8UHS O/zo74j+PF9HtyZdVwoUmi3JQwuuj4t/Gc3D0tn2+U7A4hTzGt45sBJfZx20AYkR uijDXi0dMB0cieKiUp0PhwXEMij8L8B3n6uHT0YdPK5KBURNj2U+WXbwAjN+rmnJ o3ROBCT3bvB6shyeTahObDaP/gMJetysLOB9BzgGHdpHxaglBhFq5bw/zT91+SbH s1xSWjlDig95h/bD4NGTrpl26n66XS64dyLLzeLwsmzgFUIUTao5nElh3Qvisthn ZXrexzWLS03U2V/8GaqscaSOb2OqJZlH1yqFnFfZTCUCHJi8djUdzqVCajmCxgFT 0KdbVTgP/xcEIL2k/yuSH9WN20L1i+oYr4uoTWhI4sioAcI6EDse4Q01SCUr65B/ i9In/nuEPPbiEiU= =EZMd -----END PGP SIGNATURE-----