Bug#435401: sandbox for vim allows attackers to execute shell commands and write files

James Vega jamessan at jamessan.com
Mon Aug 6 12:28:31 UTC 2007


package vim
found 435401 1:7.0-122+1etch2
notfound 435401 1:7.1-022+1
thanks

On Mon, Aug 06, 2007 at 01:17:11PM +0200, Taylor, Christopher PO2 USN (NCTS La Maddalena) wrote:
> FrSirt states that this has been fixed as of version 7.0.235[0]. The current
> version in unstable is 7.1
> 
> The version in stable is currently vulnerable. 
> 
> The version in unstable does not appear to be vulnerable, as none of the
> exploits I tried against it were successful.
> 
> [0]http://www.frsirt.com/english/advisories/2007/1599

Thanks for taking a look at this.  I'll work on getting a package ready
for the stable release and contacting the security team.

James
-- 
GPG Key: 1024D/61326D40 2003-09-02 James Vega <jamessan at debian.org>


More information about the pkg-vim-maintainers mailing list