From d314229aa657bc23c0fc99aa79a347326095b190 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 8 May 2024 07:05:20 +0200
Subject: Adding debian version 2:8.1.0875-5+deb10u3.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/patches/CVE-2021-4019.patch | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 debian/patches/CVE-2021-4019.patch

(limited to 'debian/patches/CVE-2021-4019.patch')

diff --git a/debian/patches/CVE-2021-4019.patch b/debian/patches/CVE-2021-4019.patch
new file mode 100644
index 0000000..bf0f8ab
--- /dev/null
+++ b/debian/patches/CVE-2021-4019.patch
@@ -0,0 +1,38 @@
+From: Markus Koschany <apo@debian.org>
+Date: Wed, 19 Oct 2022 19:50:16 +0200
+Subject: CVE-2021-4019
+
+Origin: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142
+---
+ src/ex_cmds.c             |  3 +--
+ src/testdir/test_help.vim | 10 ++++++++++
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+--- a/src/ex_cmds.c
++++ b/src/ex_cmds.c
+@@ -6658,8 +6658,7 @@ find_help_tags(
+ 		    || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
+ 							   && arg[2] != NUL)))
+ 	{
+-	    STRCPY(d, "/\\\\");
+-	    STRCPY(d + 3, arg + 1);
++	vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
+ 	    /* Check for "/\\_$", should be "/\\_\$" */
+ 	    if (d[3] == '_' && d[4] == '$')
+ 		STRCPY(d + 4, "\\$");
+--- a/src/testdir/test_help.vim
++++ b/src/testdir/test_help.vim
+@@ -49,3 +49,13 @@ func Test_help_local_additions()
+   call delete('Xruntime', 'rf')
+   let &rtp = rtp_save
+ endfunc
++
++" CVE-2021-4019
++func Test_help_long_argument()
++  try
++    exe 'help \%' .. repeat('0', 1021)
++  catch
++    call assert_match("E15:", v:exception)
++  endtry
++endfunc
++
-- 
cgit v1.2.3