Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Deepin Integration]~[V23-Beta3] feat: update vim to 2:9.1.0777-1 by deepin-community-bot[bot]@deepin-community/vim by deepin-community-ci-bot[bot] #10862

Closed
deepin-bot bot opened this issue Nov 8, 2024 · 5 comments
Closed

[Deepin Integration]~[V23-Beta3] feat: update vim to 2:9.1.0777-1 by deepin-community-bot[bot]@deepin-community/vim by deepin-community-ci-bot[bot] #10862

deepin-bot bot opened this issue Nov 8, 2024 · 5 comments
Assignees
@Zeno-sole
Labels
Project:integrated 集成管理相关 罗鑫思 罗鑫思
Milestone
V23-Beta3

Comments

@deepin-bot
Copy link

deepin-bot bot commented Nov 8, 2024

Package information | 软件包信息

包名 版本
vim 2:9.1.0777-1

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-2190/testing/ ./

Changelog | 更新信息

vim (2:9.1.0777-1) unstable; urgency=medium

  • Merge upstream patch v9.1.0777
    • Security fixes:
      • 9.1.0764: Fix use-after-free when closing a buffer in a BufWinLeave
        autocmd, CVE-2024-47814
  • Make autopkgtests validate the language bindings. The previous
    autopkgtests ran the entire upstream test suite whose flakiness made it
    useless as a marker for whether a package update broke Vim. Since the
    language bindings are the most likely to be affected by package updates,
    just test those in autopkgtests and remove the "flaky" restriction.
  • Declare compliance with Policy 4.7.0, no changes required
@deepin-bot deepin-bot bot added the Project:integrated 集成管理相关 label Nov 8, 2024
@deepin-bot deepin-bot bot added this to the V23-Beta3 milestone Nov 8, 2024
@deepin-bot deepin-bot bot moved this to In progress in v23-集成管理 Nov 8, 2024
@deepin-bot
Copy link
Author

deepin-bot bot commented Nov 8, 2024
edited by UTsweetyfish
Loading

Integration Test Info

安全更新

GHSA: GHSA-rj48-v4mq-j4vg

use-after-free when closing buffers in Vim < 9.1.0764

Date: 06.10.2024
Severity: Low
CVE: CVE-2024-47814
CWE: Use After Free (CWE-416)

deepin-community/sig-deepin-security#10

Test suggestion | 测试建议

Influence | 影响范围

ADDITIONAL INFORMATION | 额外补充

@github-actions github-actions bot mentioned this issue Nov 8, 2024
Open
@deepin-bot
Copy link
Author

deepin-bot bot commented Nov 8, 2024

IntegrationProjector Notify the author
@deepin: Integrated issue updated

@deepin-bot
Copy link
Author

deepin-bot bot commented Nov 8, 2024

IntegrationProjector Bot
Deepin Testing Integration Project Manager Info
Link to deepin-community/Repository-Integration#2190

@babyfengfjx babyfengfjx assigned luodeepin and unassigned babyfengfjx Nov 8, 2024
@babyfengfjx babyfengfjx moved this from In progress to 测试中 in v23-集成管理 Nov 8, 2024
@babyfengfjx babyfengfjx added the 罗鑫思 罗鑫思 label Nov 8, 2024
@babyfengfjx
Copy link

@luodeepin 请开展集成验证。

@luodeepin
Copy link

luodeepin commented Nov 11, 2024
edited
Loading

测试通过

  1. 包版本正确
  2. 发散测试 VIM命令正常可用
  3. 没有新增严重问题

@luodeepin luodeepin assigned Zeno-sole and unassigned luodeepin Nov 11, 2024
@luodeepin luodeepin moved this from 测试中 to 测试通过 in v23-集成管理 Nov 11, 2024
@Zeno-sole Zeno-sole moved this from 测试通过 to 已集成 in v23-集成管理 Nov 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Zeno-sole Zeno-sole

Labels
Project:integrated 集成管理相关 罗鑫思 罗鑫思
Projects
v23-集成管理
Archived in project
Milestone
V23-Beta3
Development

No branches or pull requests
4 participants
@babyfengfjx @Zeno-sole @hudeng-go @luodeepin