openSUSE-SU-2019:1997-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1997-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2019:1997-1
Related
Published
2019-08-24T08:20:58Z
Modified
2019-08-24T08:20:58Z
Summary
Security update for neovim
Details

This update for neovim fixes the following issues:

neovim was updated to version 0.3.7:

  • CVE-2019-12735: source should check sandbox (boo#1137443)
  • genappimage.sh: migrate to linuxdeploy

Version Update to version 0.3.5:

  • options: properly reset directories on 'autochdir'
  • Remove MSVC optimization workaround for SHM_ALL
  • Make SHM_ALL to a variable instead of a compound literal #define
  • doc: mention 'pynvim' module rename
  • screen: don't crash when drawing popupmenu with 'rightleft' option
  • look-behind match may use the wrong line number
  • :terminal : set topline based on window height
  • :recover : Fix crash on non-existent *.swp

Version Update to version 0.3.4:

  • test: add tests for conceal cursor movement
  • display: unify ursorline and concealcursor redraw logic

Version Update to version 0.3.3:

  • health/provider: Check for available pynvim when neovim mod is missing
  • python#CheckForModule: Use the given module string instead of hard-coding pynvim
  • (health.provider)/python: Import the neovim, rather than pynvim, module
  • TUI: Konsole DECSCUSR fixup

Version Update to version 0.3.2:-

  • Features

    • clipboard: support Custom VimL functions (#9304)
    • win/TUI: improve terminal/console support (#9401)
    • startup: Use $XDGCONFIGDIRS/nvim/sysinit.vim if exists (#9077)
    • support mapping in more places (#9299)
    • diff/highlight: show underline for low-priority CursorLine (#9028)
    • signs: Add 'nuhml' argument (#9113)
    • clipboard: support Wayland (#9230)
    • TUI: add support for undercurl and underline color (#9052)
    • man.vim: soft (dynamic) wrap (#9023)
  • API

    • API: implement object namespaces (#6920)
    • API: implement nvimwinset_buf() (#9100)
    • API: virtual text annotations (nvimbufsetvirtualtext) (#8180)
    • API: add nvimbufis_loaded() (#8660)
    • API: nvmbufgetoffsetfor_line (#8221)
    • API/UI: extnewgrid, exthistate (#8221)
  • UI

    • TUI: use BCE again more often (smoother resize) (#8806)
    • screen: add missing status redraw when redraw_later(CLEAR) was used (#9315)
    • TUI: clip invalid regions on resize (#8779)
    • TUI: improvements for scrolling and clearing (#9193)
    • TUI: disable clearing almost everywhere (#9143)
    • TUI: always use safe cursor movement after resize (#9079)
    • ui_options: also send when starting or from OptionSet (#9211)
    • TUI: Avoid resetcolorcursor_color in old VTE (#9191)
    • Don't erase screen on :hi Normal during startup (#9021)
    • TUI: Hint wrapped lines to terminals (#8915)
  • FIXES

    • RPC: turn errors from async calls into notifications
    • TUI: Restore terminal title via 'title stacking' (#9407)
    • genappimage: Unset $ARGV0 at invocation (#9376)
    • TUI: Konsole 18.07.70 supports DECSCUSR (#9364)
    • provider: improve error message (#9344)
    • runtime/syntax: Fix highlighting of autogroup contents (#9328)
    • VimL/confirm(): Show dialog even if :silent (#9297)
    • clipboard: prefer xclip (#9302)
    • provider/nodejs: fix npm, yarn detection
    • channel: avoid buffering output when only terminal is active (#9218)
    • ruby: detect rbenv shims for other versions (#8733)
    • third party/unibilium: Fix parsing of extended capabilitiy entries (#9123)
    • jobstart(): Fix hang on non-executable cwd (#9204)
    • provide/nodejs: Simultaneously query npm and yarn (#9054)
    • undo: Fix infinite loop if undoreadbyte returns EOF (#2880)
    • 'swapfile: always show dialog' (#9034)
  • Add to the system-wide configuration file extension of runtimepath by /usr/share/vim/site, so that neovim uses other Vim plugins installed from packages.

  • Add /usr/share/vim/site tree of directories to be owned by neovim as well.

This update was imported from the openSUSE:Leap:15.1:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP1 / neovim

Package

Name
neovim
Purl
pkg:rpm/suse/neovim&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.7-bp151.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "neovim": "0.3.7-bp151.3.3.1",
            "neovim-lang": "0.3.7-bp151.3.3.1"
        }
    ]
}