Re: vim modeline vulnerability - is Debian Woody affected?
On Thu, Jan 23, 2003 at 09:39:19AM +0100, Sasha Nedvedicky wrote:
> i've noticed, that many other linux distros released a fix of CAN-2002-1377
> (vim modeline vulnerability).
>
> by http://online.securityfocus.org/bid/6384, it seems, that only few linux
> distributions (excluding Debian) are affected.
>
> so is it true, that current package of vim in Debian Woody is not affected
> by vim modeline vulnerability ?
The current Debian Woody version of vim is vulnerable. I have already
produced a fixed package and given it to the Security Team. When they
are ready (i.e., after they have checked my work), I'm sure that they
will post an advisory.
Luca
--
Luca Filipozzi, Debian Developer
[dpkg] We are the apt. You will be packaged. Comply.
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D
Reply to: