Bug#435401: sandbox for vim allows attackers to execute shell commands and write files

James Vega jamessan at debian.org
Sat Aug 18 02:44:19 UTC 2007


package vim
clone 435401
retitle -1 Format string vulnerability possibly allows arbitrary code execution
tag -1 security
severity -1 grave
found -1 1:7.0-122+1etch2
thanks

On Fri, Aug 17, 2007 at 11:06:21PM +0200, Moritz Muehlenhoff wrote:
> James Vega wrote:
> > Thanks for taking a look at this.  I'll work on getting a package ready
> > for the stable release and contacting the security team.
> 
> What's the status? If you prepare an update for us, please include the fix
> for ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039 (CVE-2007-2953).

I haven't had much free time recently.  I'll get this done this weekend.
Thanks for the prod and note about the other vulnerability.  I've cloned
this bug for the new vulnerability.

James
-- 
GPG Key: 1024D/61326D40 2003-09-02 James Vega <jamessan at debian.org>