vim modeline vulnerability

To: debian-security@lists.debian.org
Subject: vim modeline vulnerability
From: Thomas Krennwallner <djmaecki@ull.at>
Date: Mon, 10 Mar 2003 20:18:21 +0100
Message-id: <[🔎] 20030310191821.GI816@super-skunk>

Hi!

Accourding to http://www.guninski.com/vim1.html vim is vulnerable in
woody and sarge (I tried it myself on both).

ChangeLog of vim (1:6.1-266+1) in sid says:

+ 6.1.265: libcall() can be used in 'foldexpr' to call any system
  function. rename(), delete() and remote_send() can also be
  used in 'foldexpr'. These are security problems.

Will there be a security update of vim in woody?

Last discussion of this bug was in Jan 2003:
http://lists.debian.org/debian-security/2003/debian-security-200301/msg00153.html

so long
Thomas

-- 
  ___    Obviously we do not want to leave zombies around.
_/___\     - W. Richard Stevens
 ( ^ >   Thomas Krennwallner <djmaecki at ull dot at>
 /   \   1024D/67A1DA7B 9484 D99D 2E1E 4E02 5446  DAD9 FF58 4E59 67A1 DA7B
(__\/_)_ http://bigfish.ull.at/~djmaecki/

Attachment: pgpjDJlcDzryF.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: vim modeline vulnerability
  - From: Luca Filipozzi <lfilipoz@debian.org>

Prev by Date: Re: ldap pam authentication
Next by Date: Re: [work] Integrity of Debian packages - please take OT private
Previous by thread: Re: ldap pam authentication
Next by thread: Re: vim modeline vulnerability
Index(es):
- Date
- Thread