Bug#435401: sandbox for vim allows attackers to execute shell commands and write files
    Moritz Muehlenhoff 
    jmm at inutil.org
       
    Fri Aug 17 21:06:21 UTC 2007
    
    
  
James Vega wrote:
> > FrSirt states that this has been fixed as of version 7.0.235[0]. The current
> > version in unstable is 7.1
> > 
> > The version in stable is currently vulnerable. 
> > 
> > The version in unstable does not appear to be vulnerable, as none of the
> > exploits I tried against it were successful.
> > 
> > [0]http://www.frsirt.com/english/advisories/2007/1599
> 
> Thanks for taking a look at this.  I'll work on getting a package ready
> for the stable release and contacting the security team.

What's the status? If you prepare an update for us, please include the fix
for ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039 (CVE-2007-2953).

Cheers,
        Moritz
    
    