Format: 1.8
Date: Sun, 16 Feb 2025 13:23:41 +0800
Source: vim
Architecture: source
Version: 2:9.0.1378-2+deb12u2
Distribution: bookworm
Urgency: high
Maintainer: Debian Vim Maintainers <team+vim@tracker.debian.org>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
Closes: 1035955 1053694 1084806
Changes:
 vim (2:9.0.1378-2+deb12u2) bookworm; urgency=high
 .
   * Drop test case from CVE-2023-2610.patch.
     This test was breaking the build on a number of architectures.
     The test was removed upstream for similar reasons.
     Thanks to James McCoy for reporting the problem.
 .
 vim (2:9.0.1378-2+deb12u1) bookworm; urgency=high
 .
   * Backport security fixes:
     - 9.0.1532: Crash when expanding "~" in substitute
       (Closes: #1035955, CVE-2023-2610)
     - 9.0.1848: buffer-overflow in vim_regsub_both() (CVE-2023-4738)
     - 9.0.1858: heap use after free in ins_compl_get_exp() (CVE-2023-4752)
     - 9.0.1873: heap-buffer-overflow in vim_regsub_both (CVE-2023-4781)
     - 9.0.1969: buffer-overflow in trunc_string()
       (Closes: #1053694, CVE-2023-5344)
     - 9.0.2142: stack-buffer-overflow in option callback functions
       (CVE-2024-22667)
     - 9.1.0697: heap-buffer-overflow in ins_typebuf (CVE-2024-43802)
     - 9.1.0764: use-after-free when closing a buffer
       (Closes: #1084806, CVE-2024-47814).
Checksums-Sha1:
 c5236506305abebd78507a65eaccdfb2434a2762 3058 vim_9.0.1378-2+deb12u2.dsc
 87b8565864574be2a70053f737adbea900af7409 189544 vim_9.0.1378-2+deb12u2.debian.tar.xz
Checksums-Sha256:
 aa797fe95fa4ba55811b599f34c2e35b0ef3dedfea85dfe4b45cce29173a2d91 3058 vim_9.0.1378-2+deb12u2.dsc
 8de06019fc513fc9c335de050966774f6fb20fc011fbb5d50e8a841dbce91fa2 189544 vim_9.0.1378-2+deb12u2.debian.tar.xz
Files:
 618788b89df19e6652b6305a55aa20af 3058 editors optional vim_9.0.1378-2+deb12u2.dsc
 4647831f7908608f887303ed05f9fe36 189544 editors optional vim_9.0.1378-2+deb12u2.debian.tar.xz