-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 03 Aug 2022 19:00:35 -0400 Source: vim Architecture: source Version: 2:9.0.0135-1 Distribution: unstable Urgency: medium Maintainer: Debian Vim Maintainers <team+vim@tracker.debian.org> Changed-By: James McCoy <jamessan@debian.org> Closes: 136455 761800 954016 954113 1010839 1015984 1016068 Changes: vim (2:9.0.0135-1) unstable; urgency=medium . * Merge upstream patch v8.2.5172 + ftplugin/perl.vim: Only add : to 'isfname' in Perl buffers. (Closes: #761800) + ftplugin/tap.vim: Set fold-related options local to the buffer. (Closes: #954113) + syntax/debcontrol.vim: Fix highlighting of sections with a slash (e.g., "non-free/utils"). (Closes: #1010839) + syntax/tap.vim: Match TODO/SKIP markers case-insensitively. (Closes: #954016) + syntax/perl.vim: Properly highlight code on the same line as the start of a here-doc block. (Closes: #136455) + Various CVE fixes (Closes: #1015984, #1016068) - 8.2.5043: can open a cmdline window from a substitute expression, CVE-2022-1942 - 8.2.5050: using freed memory when searching for pattern in path, CVE-2022-1968 - 8.2.5063: error for a command may go over the end of IObuff, CVE-2022-2000 - 8.2.5120: searching for quotes may go over the end of the line, CVE-2022-2124 - 8.2.5122: lisp indenting may run over the end of the line, CVE-2022-2125 - 8.2.5123: using invalid index when looking for spell suggestions, CVE-2022-2126 - 8.2.5126: substitute may overrun destination buffer, CVE-2022-2129 - 9.0.0018: going over the end of the typeahead, CVE-2022-2285 - 9.0.0025: accessing beyond allocated memory with the cmdline window, CVE-2022-2288 - 9.0.0035: spell dump may go beyond end of an array, CVE-2022-2304 - 8.2.5162: reading before the start of the line with BS in Replace mode, CVE-2022-2207 - 8.2.4895: buffer overflow with invalid command with composing chars, CVE-2022-1616 - 8.2.4899: with latin1 encoding CTRL-W might go before the cmdline, CVE-2022-1619 - 8.2.4919: can add invalid bytes with :spellgood, CVE-2022-1621 - 8.2.4956: reading past end of line with "gf" in Visual block mode, CVE-2022-1720 - 8.2.4977: memory access error when substitute expression changes window, CVE-2022-1785 - 8.2.5013: after text formatting cursor may be in an invalid position, CVE-2022-1851 - 8.2.5023: substitute overwrites allocated buffer, CVE-2022-1897 - 8.2.5024: using freed memory with "]d", CVE-2022-1898 - 9.0.0060: accessing uninitialized memory when completing long line, CVE-2022-2522 * Temporarily skip Test_Debugger_breakadd_expr Checksums-Sha1: c52d67f33d741d9fb5c40a5d803a0bf63000280e 3168 vim_9.0.0135-1.dsc 279eaec7eb3250f1c0d493ecd0e2aca5fb28788f 10917252 vim_9.0.0135.orig.tar.xz e1d834c7aec33b6b3683cceb248f07e903039475 158664 vim_9.0.0135-1.debian.tar.xz Checksums-Sha256: ca02cff05c6ad79f7674fa3fb8327293aaa51dfb3839b9fd17ed0679c09e58ff 3168 vim_9.0.0135-1.dsc e7ff123fa1d56350cd064cdc54a27ea4b40c5b985fe11e030e764cb70e182999 10917252 vim_9.0.0135.orig.tar.xz 14bebc3605ec3caaa93d449e4f8c7608fc2efe63675506b31c8d43ad67db72ce 158664 vim_9.0.0135-1.debian.tar.xz Files: 20c365e992b29288f61890f6dd636cc3 3168 editors optional vim_9.0.0135-1.dsc bcd64eca7d2a54543f895da2abe9972c 10917252 editors optional vim_9.0.0135.orig.tar.xz a0ac2b8273dba8fa9b0ecf60ec3f3d8d 158664 editors optional vim_9.0.0135-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKoBAEBCgCSFiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAmLrAxdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIUHGphbWVzc2Fu QGRlYmlhbi5vcmcACgkQ3+aRrjMbo9sw9xAAoRJd5U0qFsMUVln+AVrLEUl2A9jp uUmIoQMEEaVGeTS3uR2OIUOuCHokzcHE8plmUhJ1d7Hh7Z2FkOJGBRt/dMlRtfqk Th3giwzvfPhxDNeNgZ0ghYXUbNucRvoZYfnqBZKJnaCmOlzG4QXoQ+iYX5z6E3ba 0Fc8fwUhFjl1Cos1w8h2AkNMOeZofR2BygS2h9+hs5VeAyb8/FJM2PiwhZEyZs7O U+6FNvo/BEFT0TdCVW3fw/R6BAQ3tFPhfMlyGT7jODs7x6CQaoq8FSI0v5sRTzwJ G7/2HqOa9gY7yd75CnIddcpD7TnLdz3d8Io7e27QLwv0hWiqs+VlJHM0knkaD/1o +VoLHlxvNANJjkgNYiaQIkVkxUzSuUBVPwHwQNg7Sv+0z9+u4lIF51mzdr/11jvd 0skxuvneraaFeI55+OhRFXt7UyOfiCH+vhgkzIbvytodNXGBuryPSHwiKV+AyWQZ cXj/3YUZR87AgJQD7t7OoKY2sS5AbrZRCcJ1UtPDvvoEFAEo35EGBi/XgM1/kta+ fdqIF+uWwYb15k/dXWIgX95qCsJPaDaotO2EUnvVGH0T4hSw73jlBkIOKoidhjTF rztu07abKw2RLCUMHoaee3goylQbj8wKOq23KElftqQoEK7M3z9M9KM1LbAVP6SS dIhjq5d0mW5F6Qs= =k3TW -----END PGP SIGNATURE-----