oss-sec mailing list archives
Re: [oss-list] CVE request (vim)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 15 Sep 2008 21:13:32 -0400 (EDT)
On Thu, 11 Sep 2008, [UTF-8] Pınar Yanarda�^_ wrote:
Jan Lieskovsky wrote On 09/11/2008 05:56 PM:(...) Report: http://www.rdancer.org/vulnerablevim-K.html [1] Proposed patch: http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2Unfortunately, this patch was incomplete and rdancer has released another patch for this issue: http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/f730da13efe2dd73?hide_quotes=no#msg_9290f26f9bc11b33
It's not clear whether to merge this with CVE-2008-4101 - if the original incomplete patch made it into some distro or public version of vim then OK, but we generally don't distinguish between patches (CVE-wise) when they're all part of the same bug discussion and there hasn't been a release. - Steve
Current thread:
- [oss-list] CVE request (vim) Jan Lieskovsky (Sep 11)
- Re: [oss-list] CVE request (vim) Pınar Yanardağ (Sep 11)
- Re: [oss-list] CVE request (vim) Steven M. Christey (Sep 15)
- Re: [oss-list] CVE request (vim) Jan Minář (Sep 11)
- Re: [oss-list] CVE request (vim) Steven M. Christey (Sep 15)
- Re: [oss-list] CVE request (vim) Pınar Yanardağ (Sep 11)