Bug#320017: vim: Arbitrary code execution in modelines
Martin Pitt
martin.pitt at canonical.com
Tue Jul 26 12:33:31 UTC 2005
Package: vim
Version: 1:6.3-078+1
Severity: grave
Tags: security

Hi!

Georgi Guninski found another modeline vuln in vim:
http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

I already asked for a CAN number, I'll forward it when I get one.

You can get the Ubuntu debdiff from
http://patches.ubuntu.com/patches/vim.code-modelines.diff
for fixing sarge and possibly woody. For unstable, you should probably
just upgrade to the latest upstream version.

Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org