Source: vim
Version: 7.2.000-3
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vim.

CVE-2008-4101[0]:
| Vim 3.0 through 7.x before 7.2.010 does not properly escape
| characters, which allows user-assisted attackers to (1) execute
| arbitrary shell commands by entering a K keystroke on a line that
| contains a ";" (semicolon) followed by a command, or execute arbitrary
| Ex commands by entering an argument after a (2) "Ctrl-]" (control
| close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke
| sequence, a different issue than CVE-2008-2712.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101
    http://security-tracker.debian.net/tracker/CVE-2008-4101

The patch is available at:
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33

For a better explanation see:
http://www.rdancer.org/vulnerablevim-K.html

Kind regards,
Thomas.
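
Added example, not part of the original report and not Vim's code or the referenced patch: a C sketch of the bug class in item (1) of the CVE text, where a word taken from the buffer is pasted into a shell command line, shown unescaped and escaped. The lookup program `man` and the function names `shell_quote` and `build_lookup_cmd` are assumptions for illustration; nothing is executed, the functions only build the command strings.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Vim's code): wrap s in single quotes for a
 * POSIX shell, rewriting each embedded ' as '\''. Caller frees. */
char *shell_quote(const char *s)
{
    size_t n = strlen(s), extra = 0;
    for (size_t i = 0; i < n; i++)
        if (s[i] == '\'') extra += 3;   /* ' grows from 1 to 4 bytes */
    char *out = malloc(n + extra + 3);  /* two quotes + NUL */
    if (out == NULL) return NULL;
    char *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '\'') { memcpy(p, "'\\''", 4); p += 4; }
        else *p++ = s[i];
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Build "<prog> <word>" as it would be handed to the shell.
 * quote == 0 reproduces the unescaped form; quote != 0 escapes the word. */
char *build_lookup_cmd(const char *prog, const char *word, int quote)
{
    char *arg = quote ? shell_quote(word) : NULL;
    const char *use = quote ? arg : word;
    if (use == NULL) return NULL;
    size_t len = strlen(prog) + 1 + strlen(use) + 1;
    char *cmd = malloc(len);
    if (cmd != NULL)
        snprintf(cmd, len, "%s %s", prog, use);
    free(arg);
    return cmd;
}

int main(void)
{
    /* "foo;echo marker" is a constructed sample line, not from the report */
    char *raw = build_lookup_cmd("man", "foo;echo marker", 0);
    char *esc = build_lookup_cmd("man", "foo;echo marker", 1);
    printf("unescaped: %s\nescaped:   %s\n", raw ? raw : "", esc ? esc : "");
    free(raw); free(esc);
    return 0;
}
```

In the unescaped string the shell sees the semicolon as a command separator; in the escaped string the whole word reaches the lookup program as a single argument.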