-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Jun 2019 21:21:33 -0400 Source: neovim Architecture: source Version: 0.3.4-3 Distribution: unstable Urgency: high Maintainer: Debian Vim Maintainers <team+...@tracker.debian.org> Changed-By: James McCoy <james...@debian.org> Closes: 930024 Changes: neovim (0.3.4-3) unstable; urgency=high . * Backport additional changes to address CVE-2019-12735 (Closes: #930024) + vim-patch:8.1.0177: defining function in sandbox is inconsistent + vim-patch:8.1.0189: function defined in sandbox not tested + vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command + vim-patch:8.1.0539: cannot build without the sandbox + vim-patch:8.1.0540: may evaluate insecure value when appending to option + vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error + vim-patch:8.1.0613: when executing an insecure function the secure flag is stuck + vim-patch:8.1.1046: the "secure" variable is used inconsistently + vim-patch:8.1.0205: invalid memory access with invalid modeline + vim-patch:8.1.0206: duplicate test function name + vim-patch:8.1.0506: modeline test fails when run by root + vim-patch:8.1.0546: modeline test with keymap fails + vim-patch:8.1.0547: modeline test with keymap still fails + vim-patch:8.1.1366: using expressions in a modeline is unsafe + vim-patch:8.1.1367: can set 'modelineexpr' in modeline + vim-patch:8.1.1368: modeline test fails with python but without pythonhome + vim-patch:8.1.1382: error when editing test file + vim-patch:8.1.1401: misspelled mkspellmem as makespellmem * Backport patch to prevent use of nvim's API within the sandbox Checksums-Sha1: 2b469eb20f9c15a791f55f880b795fae43cb1e2a 2639 neovim_0.3.4-3.dsc 92e3dc08924e1554fe78e592433b1b598f3b0296 26884 neovim_0.3.4-3.debian.tar.xz be038d319b0e6cbead906a4c39ba9db1b21cf5af 8218 neovim_0.3.4-3_amd64.buildinfo Checksums-Sha256: 317fddb847548883de032b71c8923e79ba03568e14285cd78077cf22ead8230a 2639 neovim_0.3.4-3.dsc aea5b17551716f438a0a061c027850f0ec09b0b36cc0c37b4055703e06b4f9b6 26884 neovim_0.3.4-3.debian.tar.xz b000ccded8321f145249b904bd199a4b294cabf6bbbded621eb0179ba6083e6a 8218 neovim_0.3.4-3_amd64.buildinfo Files: b7df3c0ff912856357144c08e3f7b5ca 2639 editors optional neovim_0.3.4-3.dsc 381c3d4d41720d420dec4e0d8b71996f 26884 editors optional neovim_0.3.4-3.debian.tar.xz b9e96215f900b27e988793b8467b8587 8218 editors optional neovim_0.3.4-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQKSBAEBCgB9FiEEkb+/TWlWvV33ty0j3+aRrjMbo9sFAl0UIJtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDkx QkZCRjRENjk1NkJENURGN0I3MkQyM0RGRTY5MUFFMzMxQkEzREIACgkQ3+aRrjMb o9sxTQ/2OGjnJNnlDyOQeYBQO+4KOxfBLyEI0Nc3JejAqBGt37AYu1fQcl7uetDm G7DkC/vOfZzCV98h0R+VOAj/2KszTXu7oKNyJbNXmW0mqqH66VaiJMWtQgwTqfyE rJS6rUY7Hnx9x4LF/fv85W0jM0/SrTTEC0knHLRxlwUe7VUf1zeKueOT0yg+Tpcx oz2lWWK4foa4Nja/7/HvW3DSQiSzofZoCa5uKugcO5RPrpBrPBC90fSAKsACtlz1 DP1MpympljqqBBx26/91eM28vLQJZPpN82KZW5CTVgp56z8EPmyuQf8IOHFAKqOe NM8bYz0C3uGceyMXzVMOnLIKUQ0nb44pj+SBkDkGGXCq1P5NBuI3cZ0Uexz3SMeW GIDtVuyQFp7uHqZXViC8QQlrqeubZdK7+GkkDXPGEcG4ETdppyo047wv7Evk6TmZ 12ElUwmeX5We/78ZqbWZQjKW6EAx7fCS8eQh13In5SKtZJxRIkKly4tSpgdMpHdb wlYoV/KeukSX5VbVjm6XMFzCVhQ0tpG5TN1cFT0TwS+dzqpED7GORBhfw0y4MQeH 4rXnU+m5ll2HzrCnlPs0u++QeMk+8gxiBfi+OTAYqbEkqo5l7gUJbX13rVziaakO Ra+Dp1aREA7/U0D0Ju6kXu+cX9CCH5SHu4YHVmmZOI+M8y4H1w== =H36Y -----END PGP SIGNATURE-----