Bug#486502: CVE id for this

Nico Golde nion at debian.org
Mon Jun 16 21:02:36 UTC 2008


Hi,
Name: CVE-2008-2712
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712
Reference: BUGTRAQ:20080613 Collection of Vulnerabilities in Fully Patched Vim 7.1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/493352/100/0/threaded
Reference: BUGTRAQ:20080614 Re: Collection of Vulnerabilities in Fully Patched Vim 7.1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/493353/100/0/threaded
Reference: MISC:http://www.rdancer.org/vulnerablevim.html
Reference: MLIST:[oss-security] CVE Id request: vim
Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/16/2

Vim 7.1.314, 6.4, and other versions allows user-assisted remote
attackers to execute arbitrary commands via Vim scripts that do not
properly sanitize inputs before invoking the execute or system
functions, as demonstrated using (1) filetype.vim, (2) zipplugin, (3)
xpm.vim, (4) gzip_vim, and (5) netrw.

Please reference this CVE id in the changelog when closing the bug.

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
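
An added example, not part of the original mail or of Vim's own code: a heuristic Python check that flags lines in a Vim script where `execute` or `system()` receives a non-literal argument that is not passed through Vim's `fnameescape()`, `shellescape()` or `escape()`, which is the pattern the CVE description names. The sample plugin and the function names `logical_lines` and `unsanitized_sinks` are constructed for illustration.

```python
import re

# Constructed sample: a hypothetical plugin, not code from Vim's runtime files.
SAMPLE = r'''
" open the file named by the argument
function! s:Open(fname)
  execute "edit " . a:fname
  execute "edit " . fnameescape(a:fname)
  let out = system("gzip -dc " . a:fname)
  let out = system("gzip -dc " . shellescape(a:fname))
  execute "normal! gg"
  silent exe "!unzip -p "
        \ . a:fname
endfunction
'''

# Heuristic patterns: string literals, the two sinks, and Vim's quoting functions.
STRING = re.compile(r"'(?:[^']|'')*'|\"(?:[^\"\\]|\\.)*\"")
SINK = re.compile(r"(?<![\w#.])(?:exe(?:c(?:ute)?)?\b|system\s*\()")
QUOTED = re.compile(r"\b(?:fnameescape|shellescape|escape)\s*\(")

def logical_lines(text):
    """Yield (first_line_number, text) with backslash-continuation lines joined."""
    current = None
    for number, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if stripped.startswith("\\") and current:
            current[1] += " " + stripped[1:].strip()
            continue
        if current:
            yield tuple(current)
        current = [number, stripped]
    if current:
        yield tuple(current)

def unsanitized_sinks(text):
    """Return line numbers where execute/system takes a non-literal, unquoted argument."""
    hits = []
    for number, line in logical_lines(text):
        if line.startswith('"'):          # full-line comment
            continue
        code = STRING.sub("", line)       # drop string literals
        code = re.sub(r'".*$', "", code)  # drop a trailing comment
        sink = SINK.search(code)
        # Any identifier left after the sink means the argument is built at run time.
        if sink and re.search(r"[A-Za-z_]", code[sink.end():]) and not QUOTED.search(code):
            hits.append(number)
    return hits

if __name__ == "__main__":
    print(unsanitized_sinks(SAMPLE))
```

A hit is a line to review by hand, not proof of a flaw; a quoting call anywhere on the line suppresses the hit, so the check can also miss cases.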