oss-sec mailing list archives
Re: [oss-list] CVE request (vim)
From: "Jan Minář" <rdancer () rdancer org>
Date: Fri, 12 Sep 2008 00:28:28 +0100
On Thu, Sep 11, 2008 at 3:56 PM, Jan Lieskovsky <jlieskov () redhat com> wrote:
Hello Steve, found relatively old issue in Vim, which was not covered by the CVE-2008-2712 patch. Could you please assign a new CVE id for it: Report: http://www.rdancer.org/vulnerablevim-K.html [1] Proposed patch: http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
That's an early version. The latest from me was the version 3 (three) of the patch -- attachment of this message: http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33 The whole thread is illustrative. Also, patch 7.2.010 [0] addresses the issue (I'm not aware of anybody having analyzing it properly, as to what extent it really eradicates the vulnerability. If anybody is going to do that, please keep me CC'd.). [0] http://ftp.vim.org/pub/vim/patches/7.2/7.2.010 HTH, Jan.
Current thread:
- [oss-list] CVE request (vim) Jan Lieskovsky (Sep 11)
- Re: [oss-list] CVE request (vim) Pınar Yanardağ (Sep 11)
- Re: [oss-list] CVE request (vim) Steven M. Christey (Sep 15)
- Re: [oss-list] CVE request (vim) Jan Minář (Sep 11)
- Re: [oss-list] CVE request (vim) Steven M. Christey (Sep 15)
- Re: [oss-list] CVE request (vim) Pınar Yanardağ (Sep 11)