Author: ken
Date: Sun Jun 16 21:29:56 2019
New Revision: 1481
Log:
Errata for vim-8.1.
Modified:
html/trunk/blfs/errata/8.4-systemd/index.html
html/trunk/blfs/errata/8.4/index.html
html/trunk/lfs/errata/8.4-systemd/index.html
html/trunk/lfs/errata/8.4/index.html
Modified: html/trunk/blfs/errata/8.4-systemd/index.html
==============================================================================
--- html/trunk/blfs/errata/8.4-systemd/index.html Wed Jun 12 21:00:36
2019 (r1480)
+++ html/trunk/blfs/errata/8.4-systemd/index.html Sun Jun 16 21:29:56
2019 (r1481)
@@ -98,7 +98,11 @@
<p>Post-release, a vulnerability was discovered in D-Bus that allows
for authentication bypass through an open D-Bus socket. To fix this,
upgrade to version 1.12.16 or later using the instructions at
- ../../view/svn/general/dbus.xml.</p>
+ ../../view/svn/general/dbus.html.</p>
+ <p>In June,, a security problem with vim was discovered: Remote attackers
can
+ execute arbitrary OS commands via the :source! command in a modeline.
This has
+ been fixed in version 8.1.1365, see the instructions in
+ ../../view/systemd/postlfs/editors/vim html.</p>
<!--#include virtual="/common/footer.html" -->
Modified: html/trunk/blfs/errata/8.4/index.html
==============================================================================
--- html/trunk/blfs/errata/8.4/index.html Wed Jun 12 21:00:36 2019
(r1480)
+++ html/trunk/blfs/errata/8.4/index.html Sun Jun 16 21:29:56 2019
(r1481)
@@ -42,8 +42,10 @@
prevented the version of WebKitGTK+ shipped with BLFS 8.4 from
downloading.
The BLFS team recommends using the latest 2.24.x versions because they
are
API and ABI compatible, and require no modifications to the
instructions.</li>
+
+
<!--
- <li>There are no current known errata for BLFS 8.4-systemd.</li>
+ <li>There are no current known errata for BLFS 8.4.</li>
-->
</ul>
@@ -100,6 +102,12 @@
for authentication bypass through an open D-Bus socket. To fix this,
upgrade to version 1.12.16 or later using the instructions at
../../view/svn/general/dbus.xml.</p>
+
+ <p>In June,, a security problem with vim was discovered: Remote attackers
can
+ execute arbitrary OS commands via the :source! command in a modeline.
This has
+ been fixed in version 8.1.1365, see the instructions in
+ ../../view/svn/postlfs/editors/vim html.</p>
+
<!--
<p>A vulnerability with available exploits in all recent versions of
ghostscript has been fixed in the development book by patching gs-9.25.
Modified: html/trunk/lfs/errata/8.4-systemd/index.html
==============================================================================
--- html/trunk/lfs/errata/8.4-systemd/index.html Wed Jun 12 21:00:36
2019 (r1480)
+++ html/trunk/lfs/errata/8.4-systemd/index.html Sun Jun 16 21:29:56
2019 (r1481)
@@ -20,12 +20,15 @@
END TEMPLATE -->
-<!--
- <h2>Known Security Vulnerabilities</h2>
- <ul>
+ <h2>Known Security Vulnerabilities</h2>
+ <ul>
<li> </li>
- </ul>
--->
+ <li><p>Vim-8.1 : Remote attackers can execute arbitrary OS commands
+ via the :source! command in a modeline in all versions of vim
before
+ 8.1.1365. Fixed in the development book and in the BLFS development
+ book.</li>
+ </ul>
+
<h2>Miscellaneous Errata</h2>
<ul>
<li>There are no current errata items for LFS 8.4-systemd.</li>
Modified: html/trunk/lfs/errata/8.4/index.html
==============================================================================
--- html/trunk/lfs/errata/8.4/index.html Wed Jun 12 21:00:36 2019
(r1480)
+++ html/trunk/lfs/errata/8.4/index.html Sun Jun 16 21:29:56 2019
(r1481)
@@ -20,12 +20,15 @@
END TEMPLATE -->
-<!--
- <h2>Known Security Vulnerabilities</h2>
- <ul>
+ <h2>Known Security Vulnerabilities</h2>
+ <ul>
<li> </li>
- </ul>
--->
+ <li><p>Vim-8.1 : Remote attackers can execute arbitrary OS commands
+ via the :source! command in a modeline in all versions of vim
before
+ 8.1.1365. Fixed in the development book and in the BLFS development
+ book.</li>
+ </ul>
+
<h2>Miscellaneous Errata</h2>
<ul>
<li>There are no current errata items for LFS 8.4.</li>
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
