Bug#435401: sandbox for vim allows attackers to execute shell commands and wr ite files
package vim clone 435401 retitle -1 Format string vulnerability possibly allows arbitrary code execution tag -1 security severity -1 grave found -1 1:7.0-122+1etch2 thanks On Fri, Aug 17, 2007 at 11:06:21PM +0200, Moritz Muehlenhoff wrote: > James Vega wrote: > > Thanks for taking a look at this. I'll work on getting a package ready > > for the stable release and contacting the security team. > > What's the status? If you prepare an update for us, please include the fix > for ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039 (CVE-2007-2953). I haven't had much free time recently. I'll get this done this weekend. Thanks for the prod and note about the other vulnerability. I've cloned this bug for the new vulnerability. James -- GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]> signature.asc Description: Digital signature
Bug#435401: sandbox for vim allows attackers to execute shell commands and wr ite files
James Vega wrote: > > FrSirt states that this has been fixed as of version 7.0.235[0]. The current > > version in unstable is 7.1 > > > > The version in stable is currently vulnerable. > > > > The version in unstable does not appear to be vulnerable, as none of the > > exploits I tried against it were successful. > > > > [0]http://www.frsirt.com/english/advisories/2007/1599 > > Thanks for taking a look at this. I'll work on getting a package ready > for the stable release and contacting the security team. What's the status? If you prepare an update for us, please include the fix for ftp://ftp.vim.org/pub/vim/patches/7.1/7.1.039 (CVE-2007-2953). Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#435401: sandbox for vim allows attackers to execute shell commands and wr ite files
package vim found 435401 1:7.0-122+1etch2 notfound 435401 1:7.1-022+1 thanks On Mon, Aug 06, 2007 at 01:17:11PM +0200, Taylor, Christopher PO2 USN (NCTS La Maddalena) wrote: > FrSirt states that this has been fixed as of version 7.0.235[0]. The current > version in unstable is 7.1 > > The version in stable is currently vulnerable. > > The version in unstable does not appear to be vulnerable, as none of the > exploits I tried against it were successful. > > [0]http://www.frsirt.com/english/advisories/2007/1599 Thanks for taking a look at this. I'll work on getting a package ready for the stable release and contacting the security team. James -- GPG Key: 1024D/61326D40 2003-09-02 James Vega <[EMAIL PROTECTED]> signature.asc Description: Digital signature
Bug#435401: sandbox for vim allows attackers to execute shell commands and wr ite files
FrSirt states that this has been fixed as of version 7.0.235[0]. The current version in unstable is 7.1 The version in stable is currently vulnerable. The version in unstable does not appear to be vulnerable, as none of the exploits I tried against it were successful. [0]http://www.frsirt.com/english/advisories/2007/1599 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]