Bug#435401: sandbox for vim allows attackers to execute shell commands and wr ite files
Taylor, Christopher PO2 USN (NCTS La Maddalena)
taylorc at lamadd.navy.mil
Mon Aug 6 11:17:11 UTC 2007
FrSirt states that this has been fixed as of version 7.0.235[0]. The current
version in unstable is 7.1
The version in stable is currently vulnerable.
The version in unstable does not appear to be vulnerable, as none of the
exploits I tried against it were successful.
[0]http://www.frsirt.com/english/advisories/2007/1599
More information about the pkg-vim-maintainers
mailing list