Bug#320017: marked as done (vim: Arbitrary code execution in
modelines)
Steve Langasek
vorlon at debian.org
Sat Jul 30 21:08:59 UTC 2005
On Sat, Jul 30, 2005 at 01:48:52PM +0200, Norbert Tretkowski wrote:
> reopen 320017
> thanks
> * Debian Bug Tracking System wrote:
> > vim (1:6.3-071+1sarge1) stable; urgency=high
> > .
> > * New upstream patches (081 and 082), see README.gz for details.
> > + 6.3.081, 6.3.082: Fix arbitrary shell commands execution by wrapping
> > them in glob() or expand() function calls in modelines. (CAN-2005-2368)
> > (closes: #320017)
> I'm going to close it when 3.1r1 is released.
Wouldn't it be better to just use the version tracking instead?
--
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-vim-maintainers/attachments/20050730/170d62c3/attachment.pgp
More information about the pkg-vim-maintainers
mailing list