r1018 - in /branches/packages/vim/sarge: debian/changelog upstream/patches/6.3.900

jamessan at users.alioth.debian.org jamessan at users.alioth.debian.org
Sat Sep 1 22:33:14 UTC 2007 

Author: jamessan
Date: Sat Sep  1 22:33:14 2007
New Revision: 1018

URL: http://svn.debian.org/wsvn/pkg-vim/?sc=1&rev=1018
Log:
Add upstream patch 7.1.039 to fix CVE 2007-2953

Added:
    branches/packages/vim/sarge/upstream/patches/6.3.900
Modified:
    branches/packages/vim/sarge/debian/changelog

Modified: branches/packages/vim/sarge/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-vim/branches/packages/vim/sarge/debian/changelog?rev=1018&op=diff
==============================================================================
--- branches/packages/vim/sarge/debian/changelog (original)
+++ branches/packages/vim/sarge/debian/changelog Sat Sep  1 22:33:14 2007
@@ -1,3 +1,9 @@
+vim (1:6.3-071+1sarge2) oldstable-security; urgency=high
+
+  * Fix format string vulnerability in helptags handling (CVE-2007-2953).
+
+ -- Moritz Muehlenhoff <jmm at debian.org>  Sun, 25 Aug 2007 10:25:04 +0000
+
 vim (1:6.3-071+1sarge1) stable; urgency=high
 
   * New upstream patches (081 and 082), see README.gz for details.

Added: branches/packages/vim/sarge/upstream/patches/6.3.900
URL: http://svn.debian.org/wsvn/pkg-vim/branches/packages/vim/sarge/upstream/patches/6.3.900?rev=1018&op=file
==============================================================================
--- branches/packages/vim/sarge/upstream/patches/6.3.900 (added)
+++ branches/packages/vim/sarge/upstream/patches/6.3.900 Sat Sep  1 22:33:14 2007
@@ -1,0 +1,57 @@
+To: vim-dev at vim.org
+Subject: patch 7.1.039
+Fcc: outbox
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.1.039
+Problem:    A tag in a help file that starts with "help-tags" and contains a
+	    percent sign may make Vim crash. (Ulf Harnhammar)
+Solution:   Use puts() instead of fprintf().
+Files:	    src/ex_cmds.c
+
+
+*** ../vim-7.1.038/src/ex_cmds.c	Tue Jul 24 11:15:46 2007
+--- src/ex_cmds.c	Wed Jul 25 20:06:20 2007
+***************
+*** 6374,6382 ****
+  	for (i = 0; i < ga.ga_len; ++i)
+  	{
+  	    s = ((char_u **)ga.ga_data)[i];
+! 	    if (STRNCMP(s, "help-tags", 9) == 0)
+  		/* help-tags entry was added in formatted form */
+! 		fprintf(fd_tags, (char *)s);
+  	    else
+  	    {
+  		fprintf(fd_tags, "%s\t/*", s);
+--- 6374,6382 ----
+  	for (i = 0; i < ga.ga_len; ++i)
+  	{
+  	    s = ((char_u **)ga.ga_data)[i];
+! 	    if (STRNCMP(s, "help-tags\t", 10) == 0)
+  		/* help-tags entry was added in formatted form */
+! 		fputs((char *)s, fd_tags);
+  	    else
+  	    {
+  		fprintf(fd_tags, "%s\t/*", s);
+*** ../vim-7.1.038/src/version.c	Tue Jul 24 15:25:27 2007
+--- src/version.c	Wed Jul 25 22:41:18 2007
+***************
+*** 668,669 ****
+--- 668,671 ----
+  {   /* Add new patch number below this line */
++ /**/
++     39,
+  /**/
+
+-- 
+On the other hand, you have different fingers.
+                                      -- Steven Wright
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\        download, build and distribute -- http://www.A-A-P.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

More information about the pkg-vim-maintainers mailing list