[Git][security-tracker-team/security-tracker][master] CVE-2025-27423,vim: bookworm and bullseye are not affected

Markus Koschany (@apo) apo at debian.org
Tue Mar 25 22:35:54 GMT 2025



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f6bc633 by Markus Koschany at 2025-03-25T23:18:24+01:00
CVE-2025-27423,vim: bookworm and bullseye are not affected

The vulnerable code was introduced in 9.1.0858 (switch to creating a temporary
directory and keeping permissions while reading the filename with exe "read
".fname). The fix was to escape fname in later versions, but that does not exist
in bookworm and earlier Debian versions.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5735,7 +5735,8 @@ CVE-2025-27498 (aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt
 	NOTE: https://github.com/RustCrypto/AEADs/commit/d1d749ba57e38e65b0e037cd744d0b17f7254037
 CVE-2025-27423 (Vim is an open source, command line text editor. Vim is distributed wi ...)
 	- vim 2:9.1.1230-1 (bug #1099610)
-	[bookworm] - vim <no-dsa> (Minor issue)
+	[bookworm] - vim <not-affected> (The vulnerable code was introduced later)
+	[bullseye] - vim <not-affected> (The vulnerable code was introduced later)
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
 	NOTE: Introduced with: https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29 (v9.1.0858)
 	NOTE: Fixed by: https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399 (v9.1.1164)
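
Review bot: The two added `<not-affected>` lines for bookworm and bullseye only hold if the vim versions shipped in those suites predate v9.1.0858 from the "Introduced with" NOTE and carry no backport of commit 129a8446d23cd9cb4445fcfea259cba5e0487d29, and neither the hunk nor the commit message records the suite versions that were checked. Consider naming those versions in the commit message so the claim can be re-verified later. The reason text "The vulnerable code was introduced later" is consistent with that NOTE, and replacing the bookworm `<no-dsa> (Minor issue)` entry rather than keeping it alongside the new one leaves a single state per suite.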



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f6bc633020caa3556b338c695f39c08c3917579
