In regard to the Vim vulnerabilities described at <http://www.rdancer.org/vulnerablevim.html>.
On Mon, Jun 16, 2008 at 10:44:06AM -0400, Jamie Strandboge wrote: > These should all be fixed now according to: > http://groups.google.com/group/vim_dev/tree/browse_frm/month/2008-06/6d7899eac89aa333?rnum=131&_done=%2Fgroup%2Fvim_dev%2Fbrowse_frm%2Fmonth%2F2008-06%3F#doc_9bb6550f4f955f04 > > Also, 7.1.314 is supposedly mostly not affected, but I did find these commits: > http://vim.svn.sourceforge.net/viewvc/vim?view=rev&revision=1012 > http://vim.svn.sourceforge.net/viewvc/vim?view=rev&revision=1013 > http://vim.svn.sourceforge.net/viewvc/vim?view=rev&revision=1021 Right, the core code is up-to-date as of 7.1.314. I'm currently working on updating the remaining affected runtime files/documentation for an upload to unstable. Given that the vulnerability requires the user to edit files with rather odd filenames, I'm not sure whether it warrants a security upload to stable-security. Comments from the security team? If there is a need for one, I could spend some time this weekend getting a more minimal diff to apply against the stable package. -- James GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]>
signature.asc
Description: Digital signature