[SCM] Vim packaging branch, maint/lenny, updated. debian/7.1.314-3-15-g38d7262
James Vega
jamessan at debian.org
Tue Aug 5 23:28:33 UTC 2008
The following commit has been merged in the maint/lenny branch:
commit 38d72624b1c9e2a478b40dd7ec5c866cae3c5b6b
Merge: c7be9679b73c7d47f3c2c15f849c58a4fbf34b09 acf485628aa86f27d9db28cb4117851c51ca907d
Author: James Vega <jamessan at debian.org>
Date: Tue Aug 5 19:23:02 2008 -0400
Merge commit 'debian/7.1.314-3' into maint/lenny
Conflicts:
debian/changelog
runtime/autoload/netrw.vim
runtime/autoload/tar.vim
runtime/autoload/vimball.vim
runtime/autoload/zip.vim
runtime/doc/eval.txt
runtime/plugin/tarPlugin.vim
src/ex_getln.c
src/version.c
Signed-off-by: James Vega <jamessan at debian.org>
diff --combined debian/changelog
index 10002e4,e1bf5a2..9391866
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,11 -1,65 +1,73 @@@
+ vim (1:7.1.314-3) unstable; urgency=high
+
+ * Update runtime files affected by the filename escape vulnerability.
+ (CVE 2008-2712, Closes: #486502)
+ * debian/vim-runtime.preinst:
+ - Only add the diversions if the preinst is called with the "install" or
+ "upgrade" (to handle the previous mishandling in postrm) arguments.
+ * debian/vim-runtime.postrm:
+ - Only remove the diversions if the postrm is called with the "remove"
+ argument. (Closes: #486446)
+ * runtime/menu.vim:
+ - Escape the buffer name when using the "Window -> Split File Explorer"
+ menu item. (Closes: #486417)
+
+ -- James Vega <jamessan at debian.org> Tue, 17 Jun 2008 11:12:18 -0400
+
+ vim (1:7.1.314-2) unstable; urgency=low
+
+ * debian/rules:
+ - Tell configure to only check the GUI toolkit specific to the variant
+ being built. (Closes: #486319, #486336)
+ * runtime/ftplugin/debchangelog.vim:
+ - Merge Launchpad bug completion from Ubuntu.
+ - Specify the full path when calling apt-listbugs instead of relying on
+ /usr/sbin being in the user's path.
+ - Improve error handling for Launchpad bug completion.
+
+ -- James Vega <jamessan at debian.org> Sun, 15 Jun 2008 12:42:38 -0400
+
+ vim (1:7.1.314-1) unstable; urgency=low
+
+ * New upstream patches (294 - 314), see README.gz for details.
+ - SELinux support merged upstream
+ * Update NetRW to version 125n (pre-release).
+ - Calculate length of multi-byte strings properly. (Closes: #474609)
+ - Display/navigate symlinks to directories properly. (Closes: #474980)
+ * Update vim-git runtime files.
+ * debian/update-patches:
+ - Fix determination of patch level from last commit.
+ - Use debian:debian/README to determine current patch level.
+ - Don't exit on error since that prevents correcting merges.
+ - Use a standard commit message for debian/README.
+ * runtime/ftplugin/debchangelog.vim:
+ - NewVersion() should only call foldopen if folding is enabled.
+ * runtime/macros/justify.vim:
+ - Calculate strlen for multi-byte strings properly. (Closes: #481115)
+ * debian/rules:
+ - Make use of upstream's "shadow" directories so the variants can be built
+ in parallel.
+ - Remove .NOTPARALLEL to allow parallel building.
+ - Remove useless dh_shlibdeps call in the binary-indep target.
+ - Remove autoconf-stamp target since we're no longer patching configure.
+ * debian/vim-runtime.install:
+ - Add new gvimtutor to vim-runtime package.
+ * Very carefully divert vim-tiny's help.txt and helptags so they will still
+ be in place if vim-runtime is removed.
+ * debian/control:
+ - Remove vim-runtime's Replaces of vim-tiny since the conflicting files
+ are now handled by diversions.
+
+ -- James Vega <jamessan at debian.org> Tue, 10 Jun 2008 22:28:10 -0400
+
+vim (1:7.1.293-3+lenny1) testing-security; urgency=high
+
+ * Fix filename escape vulnerabilties in various vim scripts which allows
+ attacker to execute arbitrary code via a crafted filename.
+ (CVE 2008-2712, Closes: #486502)
+
+ -- James Vega <jamessan at debian.org> Sun, 22 Jun 2008 23:49:54 -0400
+
vim (1:7.1.293-3) unstable; urgency=low
* runtime/syntax/debchangelog.vim,debsources.vim:
--
Vim packaging
More information about the pkg-vim-maintainers
mailing list