Bug#286223: marked as done (CAN-2004-1138: Is Debian vulnerable?)

Debian Bug Tracking System owner@bugs.debian.org
Tue, 31 May 2005 13:33:18 -0700


Your message dated Tue, 31 May 2005 16:10:34 -0400
with message-id <E1DdD4M-0007SO-00@newraff.debian.org>
and subject line Bug#286223: fixed in vim 6.1.018-1woody1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Dec 2004 15:22:09 +0000
From: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2004-1138: Is Debian vulnerable?
X-Mailer: reportbug 1.50
Date: Sat, 18 Dec 2004 16:21:54 +0100
Message-Id: <20041218152154.935A55F42@pleione.itp.uni-hannover.de>

Package: vim
Version: 6.1.018-1
Severity: normal
Tags: security, woody

Hello,
I could not find an entry on CAN-2004-1138 in
http://www.nl.debian.org/security/nonvulns-woody
http://www.nl.debian.org/security/nonvulns-sarge

on this. I used severity normal as this "only" enables local user-user
information reading.

Please either supply updated packages or list the entries in the
above pages.

Looking at the version numbers (sorry, the CAN-page is still empty, so
I am not sure here), sid may be fixed already though the latest
changelog does not mention this security vulnerability.

If it is not fixed (yet), update the tags accordingly.

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages vim depends on:
ii  dpkg                     1.9.21          Package maintenance system for Deb
ii  libc6                    2.2.5-11.5      GNU C Library: Shared libraries an
ii  libgpmg1                 1.19.6-12       General Purpose Mouse Library [lib
ii  libncurses5              5.2.20020112a-7 Shared libraries for terminal hand


---------------------------------------
Received: (at 286223-close) by bugs.debian.org; 31 May 2005 20:26:10 +0000
From: Norbert Tretkowski <nobse@debian.org>
To: 286223-close@bugs.debian.org
X-Katie: $Revision: 1.15 $
Subject: Bug#286223: fixed in vim 6.1.018-1woody1
Message-Id: <E1DdD4M-0007SO-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Tue, 31 May 2005 16:10:34 -0400

Source: vim
Source-Version: 6.1.018-1woody1

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive:

vim-gtk_6.1.018-1woody1_i386.deb
  to pool/main/v/vim/vim-gtk_6.1.018-1woody1_i386.deb
vim-perl_6.1.018-1woody1_i386.deb
  to pool/main/v/vim/vim-perl_6.1.018-1woody1_i386.deb
vim-python_6.1.018-1woody1_i386.deb
  to pool/main/v/vim/vim-python_6.1.018-1woody1_i386.deb
vim-ruby_6.1.018-1woody1_i386.deb
  to pool/main/v/vim/vim-ruby_6.1.018-1woody1_i386.deb
vim-tcl_6.1.018-1woody1_i386.deb
  to pool/main/v/vim/vim-tcl_6.1.018-1woody1_i386.deb
vim_6.1.018-1woody1.diff.gz
  to pool/main/v/vim/vim_6.1.018-1woody1.diff.gz
vim_6.1.018-1woody1.dsc
  to pool/main/v/vim/vim_6.1.018-1woody1.dsc
vim_6.1.018-1woody1_i386.deb
  to pool/main/v/vim/vim_6.1.018-1woody1_i386.deb
vim_6.1.018.orig.tar.gz
  to pool/main/v/vim/vim_6.1.018.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 286223@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Tretkowski <nobse@debian.org> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  3 Apr 2005 12:35:25 +0200
Source: vim
Binary: vim-python vim-gtk vim-ruby vim vim-tcl vim-perl
Architecture: source i386
Version: 6.1.018-1woody1
Distribution: stable
Urgency: medium
Maintainer: Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
Changed-By: Norbert Tretkowski <nobse@debian.org>
Description: 
 vim        - Vi IMproved - enhanced vi editor
 vim-gtk    - Vi IMproved - GTK version
 vim-perl   - Vi IMproved, with perl scripting support
 vim-python - Vi IMproved, with python scripting support
 vim-ruby   - Vi IMproved, with ruby scripting support
 vim-tcl    - Vi IMproved, with tcl scripting support
Closes: 286223 289560 291125
Changes: 
 vim (6.1.018-1woody1) stable; urgency=medium
 .
   * CAN-2004-1138: Backported and applied patch 6.3.045 which fixes several
     vulnerabilities related to the use of options in modelines.
     (closes: #286223)
   * CAN-2005-0069: Use mktemp instead of insecure $$ construction to create
     temporary files in vimspell.sh and tcltags. (closes: #289560, #291125)
   * Set maintainer address to project mailinglist on alioth and added myself to
     uploaders.
Files: 
 1cfdd09715be69c8df993ad9e662b92f 804 editors optional vim_6.1.018-1woody1.dsc
 a72ece837a192262ef9daf29566fd6c1 4430373 editors optional vim_6.1.018.orig.tar.gz
 776f9a74f34ba52f9d4040323657d7df 30282 editors optional vim_6.1.018-1woody1.diff.gz
 e7e1230281e4d71f7e6c51011ea6a426 3751082 editors optional vim_6.1.018-1woody1_i386.deb
 fb8c979819a1699b50b12840d2ddb243 552054 editors optional vim-gtk_6.1.018-1woody1_i386.deb
 992e0ee6c3ad8156a35a8767b9fb354e 562010 editors optional vim-perl_6.1.018-1woody1_i386.deb
 f58e67bf101ae8aa3139f30c7948ff56 559472 editors optional vim-python_6.1.018-1woody1_i386.deb
 b45ce4151f0877ad52c7f65dd38d622a 556476 editors optional vim-ruby_6.1.018-1woody1_i386.deb
 5692dbb7cdf79c4e9f346c72d605c76d 559632 editors optional vim-tcl_6.1.018-1woody1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCT99Cr/RnCw96jQERArr/AJ0WFx40y2sGLzF6eSat3Ta/PS5adgCgik7T
MjjF6BRIAGXVK1fxNnCqtPg=
=ZUIQ
-----END PGP SIGNATURE-----
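
The CAN-2005-0069 changelog entry above replaces a `$$`-based temporary file name with `mktemp`. The sketch below is an added example, not code from vimspell.sh, tcltags or the Debian patch. It shows why the PID-derived name is unsafe when a link already exists at that path and why `mktemp` is not affected. The file name `vimspell.$$`, the function names and the scratch directory standing in for a shared /tmp are assumptions.

```shell
#!/bin/sh
# Constructed demo: everything happens inside a private scratch directory
# that stands in for a shared, world-writable /tmp.

# Insecure pattern: the name is derived from the PID ($$), so it is guessable.
insecure_tmp() {
    dir=$1
    f="$dir/vimspell.$$"            # hypothetical name, not the script's own
    echo "scratch data" > "$f"      # the redirect follows an existing symlink
    echo "$f"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so a link at a guessed path is never followed.
secure_tmp() {
    dir=$1
    f=$(mktemp "$dir/vimspell.XXXXXX") || return 1
    echo "scratch data" > "$f"
    echo "$f"
}

# Prints "clobbered" if creating the temp file altered an unrelated file,
# "intact" otherwise.
demo() {
    mode=$1
    sandbox=$(mktemp -d) || return 1
    victim="$sandbox/victim.txt"
    echo "important" > "$victim"
    mkdir "$sandbox/tmp"
    # A link already sitting at the predictable path (possible only because
    # the name can be computed in advance).
    ln -s "$victim" "$sandbox/tmp/vimspell.$$"
    if [ "$mode" = insecure ]; then
        insecure_tmp "$sandbox/tmp" >/dev/null
    else
        secure_tmp "$sandbox/tmp" >/dev/null
    fi
    if [ "$(cat "$victim")" = "important" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    echo "$result"
}

echo "PID-based name: $(demo insecure)"
echo "mktemp:         $(demo secure)"
```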