-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 16 Jul 2019 01:05:10 -0400 Source: neovim Binary: neovim neovim-runtime Architecture: amd64 Version: 0.1.7-4+deb9u1 Distribution: stretch-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: James McCoy Description: neovim - heavily refactored vim fork neovim-runtime - heavily refactored vim fork (runtime files) Closes: 930024 Changes: neovim (0.1.7-4+deb9u1) stretch-security; urgency=high . * Backport upstream patches to address CVE-2019-12735 (Closes: #930024) + vim-patch-8.0.0649 and vim-patch-8.0.0650: autocmd open help 2 times + vim-patch:8.1.0066: nasty autocommand causes using freed memory + vim-patch:8.1.0067: syntax highlighting not working when re-entering a buffer + vim-patch:8.1.0177: defining function in sandbox is inconsistent + vim-patch:8.1.0189: function defined in sandbox not tested + vim-patch:8.1.0205: invalid memory access with invalid modeline + vim-patch:8.1.0506: modeline test fails when run by root + vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command + vim-patch:8.1.0539: cannot build without the sandbox + vim-patch:8.1.0540: may evaluate insecure value when appending to option + vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error + vim-patch:8.1.0546: modeline test with keymap fails + vim-patch:8.1.0547: modeline test with keymap still fails + vim-patch:8.1.0613: when executing an insecure function the secure flag is stuck + vim-patch:8.1.1046: the "secure" variable is used inconsistently + vim-patch:8.1.1365: :source should check sandbox + vim-patch:8.1.1366: using expressions in a modeline is unsafe + vim-patch:8.1.1367: can set 'modelineexpr' in modeline + vim-patch:8.1.1368: modeline test fails with python but without pythonhome + vim-patch:8.1.1382: error when editing test file + vim-patch:8.1.1401: misspelled mkspellmem as makespellmem Checksums-Sha1: e15496fc836afa02164a5be0f10338f6e2570a86 3585334 neovim-dbgsym_0.1.7-4+deb9u1_amd64.deb 71482350ff0b007cd96b712c93d0b2d5b5f628fc 8042 neovim_0.1.7-4+deb9u1_amd64.buildinfo 80dd96bcab0adb54be5d516cd20b2b96fcd12d8a 1108640 neovim_0.1.7-4+deb9u1_amd64.deb Checksums-Sha256: 714f0cc1cc9ce8797eee7de3acbb11b6f4d7a988967124b9a7030615a9b4f76f 3585334 neovim-dbgsym_0.1.7-4+deb9u1_amd64.deb 5de6b9e2804832716a1ee1870a4e1ea818c6c473abe082e53b2a859ae21e105c 8042 neovim_0.1.7-4+deb9u1_amd64.buildinfo fb7f3cb886c5884c36d7caab2f46ab879df31b2ebb3489d4e7d2193c8ba92ada 1108640 neovim_0.1.7-4+deb9u1_amd64.deb Files: 4596153b2b708ab70155f46e2be45786 3585334 debug extra neovim-dbgsym_0.1.7-4+deb9u1_amd64.deb 5aacf6530c0859d771a4ae85adb985c7 8042 editors extra neovim_0.1.7-4+deb9u1_amd64.buildinfo 878f6f80c762217bad376967f1b69196 1108640 editors extra neovim_0.1.7-4+deb9u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfQCLkDuIfHLCXwkJVmLYJthWcBwFAl02XdMACgkQVmLYJthW cBwt5w/+M59KR8KpU9XvoV7lJxOvDKEY40n0VdZ9jO8RDWqN2KdHuMjNrnefF1wE DnCTXmtE6Pvcoj3VlgZ9MEaBGBnw3p4NGnKMwmnETy3ceZqq5o6Fxaui0S4YPvu0 T3tawgZfijeSN6+LCN6o04Pin0AA1WOpM05xnxjbTw12nbSJM1EnEGUI2W2cCH84 ZS2bcr6LCs5X/SRlJlaHr3G9//a7BBC3XUltxV4PhDUvLAtqPgPPqtnwSFk5mBkX 8jWD8r2DFzQLLq1gupTO7r7hdBN3Vet6KMIHMHPiTaXtKr9Bm6Y8whQkHwddaGPq b3gEu52o47J/iMDkWNcp5a7pC07Fy5lojWrb5cwZ639COKMu+brFkZ/e7q7/Hf9t imNaVkz23lmAUuf68hkrbBgfaKQ+GLM1dOlMfnDvRkYLdqlHPMiYi6gNjsLKfUdd o2GAc6WB7sZ4fhB08A9e8wj5XO98dz7QlVNCpNKrT+7TT9NdpHPG0AP1vI2ztfOy tO0UopuATiKTCL9Kyo3yt6e/vFhgw9lFJh/wjDUf8KNLBYvcdJgYfb2F3drNmYUh PPuKZbT5VBUYe1dO5QzbQrW+eBuWs5Ms7Ndpgp6s8u2y8+1/CmDuEu871dbQDFOD fv+3mV5W+4uqziVcQfpwV/Y793fBiKnLk/tFnmFBqVVzS4pPE+0= =qyqD -----END PGP SIGNATURE-----