Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4f6bc633 by Markus Koschany at 2025-03-25T23:18:24+01:00
CVE-2025-27423,vim: bookworm and bullseye are not affected
The vulnerable code was introduced in 9.1.0858. (Switch to creating a temporary
directory and keeping permissions while reading the filename with exe "read
".fname.) The fix was to escape fname in later versions but that does not exist
in bookworm and earlier Debian versions.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5735,7 +5735,8 @@ CVE-2025-27498 (aes-gcm is a pure Rust implementation of
the AES-GCM. In decrypt
NOTE:
https://github.com/RustCrypto/AEADs/commit/d1d749ba57e38e65b0e037cd744d0b17f7254037
CVE-2025-27423 (Vim is an open source, command line text editor. Vim is
distributed wi ...)
- vim 2:9.1.1230-1 (bug #1099610)
- [bookworm] - vim <no-dsa> (Minor issue)
+ [bookworm] - vim <not-affected> (The vulnerable code was introduced
later)
+ [bullseye] - vim <not-affected> (The vulnerable code was introduced
later)
NOTE: https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
NOTE: Introduced with:
https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29
(v9.1.0858)
NOTE: Fixed by:
https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399
(v9.1.1164)
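Review bot: the reason given on the two added `<not-affected>` lines, "The vulnerable code was introduced later", does not say later than what. The entry already pins the introducing commit in its "Introduced with:" NOTE (v9.1.0858), so the reason could name that version directly, for example "(Vulnerable code introduced in v9.1.0858)", letting each suite line be read on its own. The hunk also does not show which vim versions bookworm and bullseye carry, so a reader cannot confirm from this entry alone that both predate v9.1.0858; stating those versions in the commit message would close that gap.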
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f6bc633020caa3556b338c695f39c08c3917579