[Secure-testing-commits] r1841 - in data/DTSA: . advs
Joey Hess
joeyh at costa.debian.org
Wed Sep 7 16:56:58 UTC 2005
Author: joeyh
Date: 2005-09-07 16:56:57 +0000 (Wed, 07 Sep 2005)
New Revision: 1841
Added:
data/DTSA/advs/12-vim.adv
Modified:
data/DTSA/advs/0-hotzenplotz.adv
data/DTSA/list
Log:
new vim advisory
Modified: data/DTSA/advs/0-hotzenplotz.adv
===================================================================
--- data/DTSA/advs/0-hotzenplotz.adv 2005-09-07 16:52:46 UTC (rev 1840)
+++ data/DTSA/advs/0-hotzenplotz.adv 2005-09-07 16:56:57 UTC (rev 1841)
@@ -1,6 +1,6 @@
dtsa: DTSA-0-1
source: hotzenplotz
-date: 2005-11-12
+date: September 7th, 2005
author: Wachtmeister Dimpfelmoser
vuln-type: buffer overflows
problem-scope: remote
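Review bot: The `date:` change in 0-hotzenplotz.adv is not covered by the log message "new vim advisory"; mention it in the log or commit it separately so the history of that file explains itself. The new value `September 7th, 2005` does match the bracketed date style used in data/DTSA/list, so the format itself is consistent with the rest of this revision.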
Added: data/DTSA/advs/12-vim.adv
===================================================================
--- data/DTSA/advs/12-vim.adv 2005-09-07 16:52:46 UTC (rev 1840)
+++ data/DTSA/advs/12-vim.adv 2005-09-07 16:56:57 UTC (rev 1841)
@@ -0,0 +1,14 @@
+dtsa: DTSA-11-1
+source: vim
+date: September 7th, 2005
+author: Joey Hess
+vuln-type: modeline exploits
+problem-scope: local
+debian-specifc: no
+cve: CAN-2005-2368
+testing-fix: 1:6.3-085+0.0etch1
+sid-fix: 1:6.3-085+1
+
+vim modelines allow files to execute arbitrary commands via shell
+metacharacters in the glob or expand commands of a foldexpr expression
+for calculating fold levels.
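Review bot: The `dtsa:` field on the first added line reads DTSA-11-1, but the file is named 12-vim.adv and the entry added to data/DTSA/list in this same revision is DTSA-12-1, while DTSA-11-1 is already the maildrop advisory in that list. Suggest `dtsa: DTSA-12-1` so the advisory does not collide with maildrop's identifier. Also check the key `debian-specifc` against what the advisory tooling parses, since it reads like a misspelling of debian-specific.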
Modified: data/DTSA/list
===================================================================
--- data/DTSA/list 2005-09-07 16:52:46 UTC (rev 1840)
+++ data/DTSA/list 2005-09-07 16:56:57 UTC (rev 1841)
@@ -30,3 +30,7 @@
[August 29th, 2005] DTSA-11-1 maildrop - local privilege escalation
{CAN-2005-2655 }
- maildrop 1.5.3-1.1etch1 (medium)
+[September 7th, 2005] DTSA-12-1 vim - modeline exploits
+ {CAN-2005-2368 }
+ - vim 1:6.3-085+0.0etch1
+ TODO: unreleased
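Review bot: The added vim line `- vim 1:6.3-085+0.0etch1` carries no urgency tag, while the maildrop entry directly above it ends in `(medium)`. If the list format expects an urgency on each package line, add one here, and remove `TODO: unreleased` in the revision that publishes the advisory.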