On Sep 30, 2017 08:00, "Salvatore Bonaccorso" <car...@debian.org> wrote:
Hi On Sat, Sep 30, 2017 at 11:59:07AM +0200, Moritz Mühlenhoff wrote: > James McCoy wrote: > > diff --git a/debian/changelog b/debian/changelog > > index 978762c..8df2745 100644 > > --- a/debian/changelog > > +++ b/debian/changelog > > @@ -1,3 +1,12 @@ > > +vim (2:8.0.0197-5) UNRELEASED; urgency=medium > > + > > + * Backport upstream patches to fix CVE-2017-11109 (Closes: #867720) > > JFTR, this doesn't warrant a DSA on it's own, we can fix this along > when the next (more severe) vim security issue arises. Or, always possible, an update via a point release :) I had been meaning to do that, but have found time yet. I'll bump up the priority. Thanks for the reminder. Cheers, James