Re: vim modeline vulnerability - is Debian Woody affected?

To: debian-security@lists.debian.org
Subject: Re: vim modeline vulnerability - is Debian Woody affected?
From: Luca Filipozzi <lfilipoz@debian.org>
Date: Thu, 23 Jan 2003 07:03:46 -0800
Message-id: <[🔎] 20030123150346.GA1714@bofh.ece.ubc.ca>
In-reply-to: <[🔎] 20030123083919.GA1546@kerio.com>
References: <[🔎] 20030123083919.GA1546@kerio.com>

On Thu, Jan 23, 2003 at 09:39:19AM +0100, Sasha Nedvedicky wrote:
> i've noticed, that many other linux distros released a fix of CAN-2002-1377
> (vim modeline vulnerability).
> 
> by http://online.securityfocus.org/bid/6384, it seems, that only few linux
> distributions (excluding Debian) are affected.
> 
> so is it true, that current package of vim in Debian Woody is not affected
> by vim modeline vulnerability ?

The current Debian Woody version of vim is vulnerable.  I have already
produced a fixed package and given it to the Security Team.  When they
are ready (i.e., after they have checked my work), I'm sure that they
will post an advisory.

Luca

-- 
Luca Filipozzi, Debian Developer
[dpkg] We are the apt. You will be packaged. Comply.
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E  09C1 3573 32C4 5A82 7A2D

Reply to:

References:
- vim modeline vulnerability - is Debian Woody affected?
  - From: Sasha Nedvedicky <anedvedicky@kerio.com>

Prev by Date: Re: question about SSH / IPTABLES
Next by Date: Re: question about SSH / IPTABLES
Previous by thread: vim modeline vulnerability - is Debian Woody affected?
Next by thread: question about SSH / IPTABLES
Index(es):
- Date
- Thread