[SCM] Vim packaging branch, maint/lenny, updated. debian/7.1.314-3-51-g209709e
James Vega
jamessan at debian.org
Sun Oct 12 06:29:44 UTC 2008
The following commit has been merged in the maint/lenny branch:
commit 209709e560e50ce22bedc54425eff7c9be280bde
Author: James Vega <jamessan at debian.org>
Date: Sat Oct 11 03:01:56 2008 -0400
Initial changelog for 1:7.1.314-3+lenny1
Whether or not all this sticks depends on the RMs...
Signed-off-by: James Vega <jamessan at debian.org>
diff --git a/debian/changelog b/debian/changelog
index 9391866..4d743ee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,39 @@
+vim (1:7.1.314-3+lenny1) testing-proposed-updates; urgency=low
+
+ * Cherry-pick patches from upstream to address filename escaping
+ vulnerabilities
+ - 7.2a.013 shellescape() does not escape "%" and "#" characters
+ - 7.2b.005 shellescape() doesn't take care of "!" and "\n"
+ - 7.2b.018 cmdline completion on shell cmd fails on file containing '!'
+ - 7.2b.026 GTK 2 file chooser causes significant slowdown (Closes:
+ #456897, #384635)
+ - 7.2c.002 fnameescape() doesn't handle a leading '+' or '>'
+ - 7.2.010 "K" in Visual mode does not properly escape all characters
+ (CVE 2008-4101, Closes: #500381)
+ + src/normal.c: Only use the word under the cursor, instead of the
+ entire line after the cursor, when constructing the shell command to
+ run.
+ * Update runtime files affected by filename escape vulnerabilities.
+ (CVE 2008-2712, Closes: #486502)
+ * src/spell.c: Stop reading when EOF is reached to avoid allocing large
+ amounts of memory.
+ * src/main.c: After further discussion with upstream, revert behavior of
+ -N/-C causing (no)compatible to be set after all startup files/plugins are
+ sourced, c.f. #438560.
+ * debian/control: vim-runtime Depends on dpkg >= 1.14.20 for sane
+ dpkg-divert behavior
+ * debian.vim: Do not enable 'autoindent' and filetype plugins by default.
+ * Add NEWS item for change in default configuration.
+ * runtime/autoload/netrw.vim: Fix deletion of incorrect file in wide display
+ listing. Using Jan Minář's patch from the vim-dev list. (Closes:
+ #492519)
+ * Improve handling of transition from vim-runtime Replacing vim-tiny to
+ using diversions to manage their conflicting files. (Closes: #492450)
+ * Add vim-runtime.preinst to handle moving /etc/vim/vimrc.tiny from
+ vim-common to vim-tiny. (Closes: #499451)
+
+ -- James Vega <jamessan at debian.org> Sat, 11 Oct 2008 03:01:50 -0400
+
vim (1:7.1.314-3) unstable; urgency=high
* Update runtime files affected by the filename escape vulnerability.
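Review bot: The CVE references in the 7.2.010 entry and in the "Update runtime files" entry are written "CVE 2008-4101" and "CVE 2008-2712", with a space where the standard identifier has a hyphen. Writing them as CVE-2008-4101 and CVE-2008-2712 lets a search for the identifier find this changelog entry. Separately, 7.2b.026 (GTK 2 file chooser slowdown) sits in the sub-list headed "address filename escaping vulnerabilities", although its description is a performance fix. Consider giving it its own top-level bullet so the security list contains only the escaping fixes. The entry also carries urgency=low while fixing two CVEs, where the previous 1:7.1.314-3 entry used urgency=high for a filename escape fix. If that is deliberate for testing-proposed-updates, a short remark in the commit message would help.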
--
Vim packaging