[Bug 240216] Re: Collection of vulnerabilities in Vim reported by rdancer
Olivier Mengué
240216 at bugs.launchpad.net
Thu May 3 14:34:44 UTC 2012
The bug has been fixed in Gentoo, but it looks like they forgot to
publish a GLSA. Until then they will not close the bug in their
bugtracker.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to vim in Ubuntu.
https://bugs.launchpad.net/bugs/240216
Title:
Collection of vulnerabilities in Vim reported by rdancer
Status in “vim” package in Ubuntu:
Fix Released
Status in “vim” source package in Dapper:
Fix Released
Status in “vim” source package in Feisty:
Won't Fix
Status in “vim” source package in Gutsy:
Fix Released
Status in “vim” source package in Hardy:
Fix Released
Status in “vim” package in Gentoo Linux:
In Progress
Bug description:
Binary package hint: vim
Multiples vulnerabilities exploitable from file content or file names have been reported here:
http://www.rdancer.org/vulnerablevim.html
Current version of Vim in Hardy is 7.1.138 which is older than the
reported vulnerable version, so is vulnerable too.
Upgrade to Vim 7.1.314 or above is recommended.
See http://groups.google.com/group/vim_dev/browse_thread/thread/0a5543c9cee7c274
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/+subscriptions
More information about the foundations-bugs
mailing list