On Wed, Mar 19, 2025 at 01:06:42PM +0800, Sean Whitton wrote:
> Hello,

Hi Sean,

> I have attempted to backport upstream's fix for this CVE in vim in
> d/patches/CVE-2021-4137.patch

4173

> on the debian/bullseye branch under
> lts-team on salsa.
>
> My backporting is not correct, and causes a segfault when the tests run.
>
> After studying it again, I have come to the conclusion that this is too
> difficult to backport without becoming a vimscript compilation expert.
> Therefore, considering the CVE severity, we should mark this one as
> ignored. But I could be wrong -- maybe it is obvious what is wrong with
> my backport to someone else's eyes.
>
> Therefore, could someone take a look at my work, and let me know if they
> can see the problem, please?

I have pushed a fix.

No test regressions are caused by it, and both the PoC and the testcase
for the non-CVE fix I picked as prerequisite are fixed.

There are two test failures caused by other patches later in the stack,
I haven't looked at these (and commented out all later patches for my
local testing).

> Thanks.

cu
Adrian