------------------------------------------------------------ Arch Linux Security Warning ALSW 2007-#28 ------------------------------------------------------------
Name: vim Date: 2007-05-07 Severity: Low Warning #: 2007-#28 ------------------------------------------------------------ Product Background =================== A highly configurable, improved version of the vi text editor built to enable efficient text editing Problem Background - Impact =================== Previous versions of the vim package allowed two functions, feedkeys() and writefile(), to be used in the sandbox. Functions executed via modelines in files being edited are verified by the sandbox; a user who is coerced into opening a specially-crafted file could cause the system to execute arbitrary shell code supplied by the attacker. Problem Packages =================== Package: vim Repo: current Group: base Unsafe: < 7.0.235 Safe: >= 7.0.235 Package Fix =================== Upgrade to lastest 7.0.243 =================== Unofficial ArchLinux Security Bug Tracker: http://jjdanimoth.netsons.org/alsw.html Reference(s) =================== https://issues.rpath.com/browse/RPL-1320
signature.asc
Description: OpenPGP digital signature
_______________________________________________ arch mailing list [email protected] http://archlinux.org/mailman/listinfo/arch
