Package: vim Version: 1:7.1-022+1 Severity: grave Tags: security Justification: user security hole
Hi mates I found this CVE[0], which states: The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. I also saw that there is an ubuntu security announce, including these two patches[1] as a fix. Can you please investigate, if any versions in debian are vulnerable? Please also feel free to downgrade/close this bug, if the fix is already in unstable. Thanks for your efforts. Cheers Steffen [0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2438 [1]: http://developer.skolelinux.no/~white/security/vim/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
