[SCM] Vim packaging branch, maint/lenny, updated. debian/7.1.314-3-51-g209709e

James Vega jamessan at debian.org
Sun Oct 12 06:29:44 UTC 2008


The following commit has been merged in the maint/lenny branch:
commit 209709e560e50ce22bedc54425eff7c9be280bde
Author: James Vega <jamessan at debian.org>
Date:   Sat Oct 11 03:01:56 2008 -0400

    Initial changelog for 1:7.1.314-3+lenny1
    
    Whether or not all this sticks depends on the RMs...
    
    Signed-off-by: James Vega <jamessan at debian.org>

diff --git a/debian/changelog b/debian/changelog
index 9391866..4d743ee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,39 @@
+vim (1:7.1.314-3+lenny1) testing-proposed-updates; urgency=low
+
+  * Cherry-pick patches from upstream to address filename escaping
+    vulnerabilities
+    - 7.2a.013 shellescape() does not escape "%" and "#" characters
+    - 7.2b.005 shellescape() doesn't take care of "!" and "\n"
+    - 7.2b.018 cmdline completion on shell cmd fails on file containing '!'
+    - 7.2b.026 GTK 2 file chooser causes significant slowdown  (Closes:
+      #456897, #384635)
+    - 7.2c.002 fnameescape() doesn't handle a leading '+' or '>'
+    - 7.2.010 "K" in Visual mode does not properly escape all characters
+      (CVE 2008-4101, Closes: #500381)
+      + src/normal.c: Only use the word under the cursor, instead of the
+        entire line after the cursor, when constructing the shell command to
+        run.
+  * Update runtime files affected by filename escape vulnerabilities.
+    (CVE 2008-2712, Closes: #486502)
+  * src/spell.c: Stop reading when EOF is reached to avoid allocing large
+    amounts of memory.
+  * src/main.c: After further discussion with upstream, revert behavior of
+    -N/-C causing (no)compatible to be set after all startup files/plugins are
+    sourced, c.f. #438560.
+  * debian/control: vim-runtime Depends on dpkg >= 1.14.20 for sane
+    dpkg-divert behavior
+  * debian.vim: Do not enable 'autoindent' and filetype plugins by default.
+  * Add NEWS item for change in default configuration.
+  * runtime/autoload/netrw.vim: Fix deletion of incorrect file in wide display
+    listing.  Using Jan Minář's patch from the vim-dev list.  (Closes:
+    #492519)
+  * Improve handling of transition from vim-runtime Replacing vim-tiny to
+    using diversions to manage their conflicting files.  (Closes: #492450)
+  * Add vim-runtime.preinst to handle moving /etc/vim/vimrc.tiny from
+    vim-common to vim-tiny.  (Closes: #499451)
+
+ -- James Vega <jamessan at debian.org>  Sat, 11 Oct 2008 03:01:50 -0400
+
 vim (1:7.1.314-3) unstable; urgency=high
 
   * Update runtime files affected by the filename escape vulnerability.
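Review bot: the two CVE references in the new entry, "(CVE 2008-4101, Closes: #500381)" and "(CVE 2008-2712, Closes: #486502)", use a space where the canonical identifier has a hyphen; write them as CVE-2008-4101 and CVE-2008-2712 so that a search for the identifier finds this changelog entry. The 7.2b.026 item (GTK 2 file chooser slowdown) is nested under the "filename escaping vulnerabilities" bullet, but its description is a performance fix; move it to its own top-level bullet or state why the escaping patches depend on it. The entry is also marked urgency=low while fixing two CVEs, whereas the 1:7.1.314-3 entry below it used urgency=high for a filename escape fix, so confirm that the lower urgency is intended.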

-- 
Vim packaging


