On Sat, 2021-12-04 at 17:36 +0000, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Mon, 2021-10-04 at 22:22 -0400, James McCoy wrote: > > Various "non DSA" CVEs have accumulated in Vim, and it seemed like > > a > > good idea to get a new upload addressing those. > > > > [ Impact ] > > * CVE-2019-20807 - Shell commands can be executed from rvim > > (restricted > > vim) via the bindings to other programming languages > > * CVE-2021-3770 / #994076 - Invalid memory access when a very large > > number is given to :retab command > > * CVE-2021-3778 / #994498 - Reading beyond end of line when invalid > > utf-8 character is encountered > > * CVE-2021-3796 / #994497 - Using freed memory in replace mode > > > > Please go ahead, thanks.
Unfortunately the builds failed everywhere with a test suite issue: >From test_search.vim: Found errors in Test_search_with_invalid_range(): Caught exception in Test_search_with_invalid_range(): Vim:E867: (NFA) Unknown operator '\%.' @ /<<PKGBUILDDIR>>/src/vim-basic/testdir/Xrangesearch, line 1 TEST FAILURE Regards, Adam
