openSUSE: 2019:1759-1: important: neovim

    Date21 Jul 2019
    CategoryopenSUSE
    215
    Posted ByLinuxSecurity Advisories
    An update that fixes one vulnerability is now available.
       openSUSE Security Update: Security update for neovim
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1759-1
    Rating:             important
    References:         #1137443 
    Cross-References:   CVE-2019-12735
    Affected Products:
                        openSUSE Leap 15.1
                        openSUSE Leap 15.0
    ______________________________________________________________________________
    
       An update that fixes one vulnerability is now available.
    
    Description:
    
       This update for neovim fixes the following issues:
    
       neovim was updated to version 0.3.7:
    
       * CVE-2019-12735: source should check sandbox (boo#1137443)
       * genappimage.sh: migrate to linuxdeploy
    
       Version Update to version 0.3.5:
    
       * options: properly reset directories on 'autochdir'
       * Remove MSVC optimization workaround for SHM_ALL
       * Make SHM_ALL to a variable instead of a compound literal #define
       * doc: mention "pynvim" module rename
       * screen: don't crash when drawing popupmenu with 'rightleft' option
       * look-behind match may use the wrong line number
       * :terminal : set topline based on window height
       * :recover : Fix crash on non-existent *.swp
    
       Version Update to version 0.3.4:
    
       * test: add tests for conceal cursor movement
       * display: unify ursorline and concealcursor redraw logic
    
       Version Update to version 0.3.3:
    
       * health/provider: Check for available pynvim when neovim mod is missing
       * python#CheckForModule: Use the given module string instead of
         hard-coding pynvim
       * (health.provider)/python: Import the neovim, rather than pynvim, module
       * TUI: Konsole DECSCUSR fixup
    
       Version Update to version 0.3.2:-
    
       * Features
    
         - clipboard: support Custom VimL functions (#9304)
         - win/TUI: improve terminal/console support (#9401)
         - startup: Use $XDG_CONFIG_DIRS/nvim/sysinit.vim if exists (#9077)
         - support mapping in more places (#9299)
         - diff/highlight: show underline for low-priority CursorLine (#9028)
         - signs: Add "nuhml" argument (#9113)
         - clipboard: support Wayland (#9230)
         - TUI: add support for undercurl and underline color (#9052)
         - man.vim: soft (dynamic) wrap (#9023)
    
       * API
    
         - API: implement object namespaces (#6920)
         - API: implement nvim_win_set_buf() (#9100)
         - API: virtual text annotations (nvim_buf_set_virtual_text) (#8180)
         - API: add nvim_buf_is_loaded() (#8660)
         - API: nvm_buf_get_offset_for_line (#8221)
         - API/UI: ext_newgrid, ext_histate (#8221)
    
       * UI
    
         - TUI: use BCE again more often (smoother resize) (#8806)
         - screen: add missing status redraw when redraw_later(CLEAR) was used
           (#9315)
         - TUI: clip invalid regions on resize (#8779)
         - TUI: improvements for scrolling and clearing (#9193)
         - TUI: disable clearing almost everywhere (#9143)
         - TUI: always use safe cursor movement after resize (#9079)
         - ui_options: also send when starting or from OptionSet (#9211)
         - TUI: Avoid reset_color_cursor_color in old VTE (#9191)
         - Don't erase screen on :hi Normal during startup (#9021)
         - TUI: Hint wrapped lines to terminals (#8915)
    
       * FIXES
    
         - RPC: turn errors from async calls into notifications
         - TUI: Restore terminal title via "title stacking" (#9407)
         - genappimage: Unset $ARGV0 at invocation (#9376)
         - TUI: Konsole 18.07.70 supports DECSCUSR (#9364)
         - provider: improve error message (#9344)
         - runtime/syntax: Fix highlighting of autogroup contents (#9328)
         - VimL/confirm(): Show dialog even if :silent (#9297)
         - clipboard: prefer xclip (#9302)
         - provider/nodejs: fix npm, yarn detection
         - channel: avoid buffering output when only terminal is active (#9218)
         - ruby: detect rbenv shims for other versions (#8733)
         - third party/unibilium: Fix parsing of extended capabilitiy entries
           (#9123)
         - jobstart(): Fix hang on non-executable cwd (#9204)
         - provide/nodejs: Simultaneously query npm and yarn (#9054)
         - undo: Fix infinite loop if undo_read_byte returns EOF (#2880)
         - 'swapfile: always show dialog' (#9034)
    
       - Add to the system-wide configuration file extension of runtimepath by
         /usr/share/vim/site, so that neovim uses other Vim plugins installed
         from packages.
    
       - Add /usr/share/vim/site tree of directories to be owned by neovim as
         well.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2019-1759=1
    
       - openSUSE Leap 15.0:
    
          zypper in -t patch openSUSE-2019-1759=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (x86_64):
    
          neovim-0.3.7-lp151.2.7.1
          neovim-debuginfo-0.3.7-lp151.2.7.1
          neovim-debugsource-0.3.7-lp151.2.7.1
    
       - openSUSE Leap 15.1 (noarch):
    
          neovim-lang-0.3.7-lp151.2.7.1
    
       - openSUSE Leap 15.0 (x86_64):
    
          neovim-0.3.7-lp150.13.1
          neovim-debuginfo-0.3.7-lp150.13.1
          neovim-debugsource-0.3.7-lp150.13.1
    
       - openSUSE Leap 15.0 (noarch):
    
          neovim-lang-0.3.7-lp150.13.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-12735.html
       https://bugzilla.suse.com/1137443
    
    -- 
    

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"8","type":"x","order":"1","pct":61.54,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":23.08,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":15.38,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.