Bug#286223: marked as done (CAN-2004-1138: Is Debian vulnerable?)
Debian Bug Tracking System
owner@bugs.debian.org
Tue, 31 May 2005 13:33:18 -0700
Your message dated Tue, 31 May 2005 16:10:34 -0400
with message-id <E1DdD4M-0007SO-00@newraff.debian.org>
and subject line Bug#286223: fixed in vim 6.1.018-1woody1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Dec 2004 15:22:09 +0000
From: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2004-1138: Is Debian vulnerable?
X-Mailer: reportbug 1.50
Date: Sat, 18 Dec 2004 16:21:54 +0100
Message-Id: <20041218152154.935A55F42@pleione.itp.uni-hannover.de>
Package: vim
Version: 6.1.018-1
Severity: normal
Tags: security, woody
Hello,
I could not find an entry on CAN-2004-1138 in
http://www.nl.debian.org/security/nonvulns-woody
http://www.nl.debian.org/security/nonvulns-sarge
on this. I used severity normal as this "only" enables local user-user
information reading.
Please either supply updated packages or list the entries in the
above pages.
Looking at the version numbers (sorry, the CAN-page is still empty, so
I am not sure here), sid may be fixed already though the latest
changelog does not mention this security vulnerability.
If it is not fixed (yet), update the tags accordingly.
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US
Versions of packages vim depends on:
ii dpkg 1.9.21 Package maintenance system for Deb
ii libc6 2.2.5-11.5 GNU C Library: Shared libraries an
ii libgpmg1 1.19.6-12 General Purpose Mouse Library [lib
ii libncurses5 5.2.20020112a-7 Shared libraries for terminal hand
---------------------------------------
Received: (at 286223-close) by bugs.debian.org; 31 May 2005 20:26:10 +0000
From: Norbert Tretkowski <nobse@debian.org>
To: 286223-close@bugs.debian.org
X-Katie: $Revision: 1.15 $
Subject: Bug#286223: fixed in vim 6.1.018-1woody1
Message-Id: <E1DdD4M-0007SO-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Tue, 31 May 2005 16:10:34 -0400
Source: vim
Source-Version: 6.1.018-1woody1
We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive:
vim-gtk_6.1.018-1woody1_i386.deb
to pool/main/v/vim/vim-gtk_6.1.018-1woody1_i386.deb
vim-perl_6.1.018-1woody1_i386.deb
to pool/main/v/vim/vim-perl_6.1.018-1woody1_i386.deb
vim-python_6.1.018-1woody1_i386.deb
to pool/main/v/vim/vim-python_6.1.018-1woody1_i386.deb
vim-ruby_6.1.018-1woody1_i386.deb
to pool/main/v/vim/vim-ruby_6.1.018-1woody1_i386.deb
vim-tcl_6.1.018-1woody1_i386.deb
to pool/main/v/vim/vim-tcl_6.1.018-1woody1_i386.deb
vim_6.1.018-1woody1.diff.gz
to pool/main/v/vim/vim_6.1.018-1woody1.diff.gz
vim_6.1.018-1woody1.dsc
to pool/main/v/vim/vim_6.1.018-1woody1.dsc
vim_6.1.018-1woody1_i386.deb
to pool/main/v/vim/vim_6.1.018-1woody1_i386.deb
vim_6.1.018.orig.tar.gz
to pool/main/v/vim/vim_6.1.018.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 286223@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Norbert Tretkowski <nobse@debian.org> (supplier of updated vim package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 3 Apr 2005 12:35:25 +0200
Source: vim
Binary: vim-python vim-gtk vim-ruby vim vim-tcl vim-perl
Architecture: source i386
Version: 6.1.018-1woody1
Distribution: stable
Urgency: medium
Maintainer: Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
Changed-By: Norbert Tretkowski <nobse@debian.org>
Description:
vim - Vi IMproved - enhanced vi editor
vim-gtk - Vi IMproved - GTK version
vim-perl - Vi IMproved, with perl scripting support
vim-python - Vi IMproved, with python scripting support
vim-ruby - Vi IMproved, with ruby scripting support
vim-tcl - Vi IMproved, with tcl scripting support
Closes: 286223 289560 291125
Changes:
vim (6.1.018-1woody1) stable; urgency=medium
.
* CAN-2004-1138: Backported and applied patch 6.3.045 which fixes several
vulnerabilities related to the use of options in modelines.
(closes: #286223)
* CAN-2005-0069: Use mktemp instead of insecure $$ construction to create
temporary files in vimspell.sh and tcltags. (closes: #289560, #291125)
* Set maintainer address to project mailinglist on alioth and added myself to
uploaders.
Files:
1cfdd09715be69c8df993ad9e662b92f 804 editors optional vim_6.1.018-1woody1.dsc
a72ece837a192262ef9daf29566fd6c1 4430373 editors optional vim_6.1.018.orig.tar.gz
776f9a74f34ba52f9d4040323657d7df 30282 editors optional vim_6.1.018-1woody1.diff.gz
e7e1230281e4d71f7e6c51011ea6a426 3751082 editors optional vim_6.1.018-1woody1_i386.deb
fb8c979819a1699b50b12840d2ddb243 552054 editors optional vim-gtk_6.1.018-1woody1_i386.deb
992e0ee6c3ad8156a35a8767b9fb354e 562010 editors optional vim-perl_6.1.018-1woody1_i386.deb
f58e67bf101ae8aa3139f30c7948ff56 559472 editors optional vim-python_6.1.018-1woody1_i386.deb
b45ce4151f0877ad52c7f65dd38d622a 556476 editors optional vim-ruby_6.1.018-1woody1_i386.deb
5692dbb7cdf79c4e9f346c72d605c76d 559632 editors optional vim-tcl_6.1.018-1woody1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCT99Cr/RnCw96jQERArr/AJ0WFx40y2sGLzF6eSat3Ta/PS5adgCgik7T
MjjF6BRIAGXVK1fxNnCqtPg=
=ZUIQ
-----END PGP SIGNATURE-----
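
The CAN-2005-0069 changelog entry above replaces a `$$`-based temporary file name with mktemp. The sketch below is an added illustration, not code from vimspell.sh, tcltags or the Debian patch; the function names, the `vimspell.` prefix and the sandbox data are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration; not code from vimspell.sh, tcltags or the Debian patch.
# Function names, the "vimspell." prefix and all data below are constructed.

# Legacy pattern: prefix + PID. The path is known before the script writes.
legacy_tmp_name() {            # $1 = directory, $2 = pid (normally $$)
    printf '%s/vimspell.%s\n' "$1" "$2"
}

# A plain redirect follows whatever already exists at that path.
legacy_write() {               # $1 = path, $2 = data
    printf '%s\n' "$2" > "$1"
}

# Replacement: mktemp chooses a random suffix and creates the file itself,
# failing rather than reusing an entry that is already there.
safe_tmp() {                   # $1 = directory
    mktemp "$1/vimspell.XXXXXXXXXX"
}

# Runs both patterns in a private sandbox and reports what happened to an
# unrelated file that a pre-existing symlink at the predictable path points to.
demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/other-file"
    predictable=$(legacy_tmp_name "$sandbox" 4242)   # 4242 stands in for $$
    ln -s "$sandbox/other-file" "$predictable"

    legacy_write "$predictable" "spell data"
    legacy_result=$(cat "$sandbox/other-file")       # overwritten via the link

    printf 'original\n' > "$sandbox/other-file"      # reset for the second run
    safe=$(safe_tmp "$sandbox") || return 1
    printf 'spell data\n' > "$safe"
    safe_result=$(cat "$sandbox/other-file")         # untouched

    if [ -L "$safe" ]; then kind=symlink; else kind=regular; fi
    rm -rf "$sandbox"
    printf 'legacy:%s safe:%s kind:%s\n' "$legacy_result" "$safe_result" "$kind"
}

demo
```

When auditing other scripts for the same pattern, look for redirects into paths built from `$$` under a shared directory such as /tmp.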