Your message dated Sat, 27 Sep 2008 21:02:26 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#500381: fixed in vim 2:7.2.010-1
has caused the Debian Bug report #500381,
regarding vim: CVE-2008-4101 Vim 3.0 through 7.x before 7.2.010 does not
properly escape ...
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
500381: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500381
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Source: vim
Version: 7.2.000-3
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vim.
CVE-2008-4101[0]:
| Vim 3.0 through 7.x before 7.2.010 does not properly escape
| characters, which allows user-assisted attackers to (1) execute
| arbitrary shell commands by entering a K keystroke on a line that
| contains a ";" (semicolon) followed by a command, or execute arbitrary
| Ex commands by entering an argument after a (2) "Ctrl-]" (control
| close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke
| sequence, a different issue than CVE-2008-2712.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101
http://security-tracker.debian.net/tracker/CVE-2008-4101
The patch is available at:
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33
For a better explanation see:
http://www.rdancer.org/vulnerablevim-K.html
Kind regards,
Thomas.
--- End Message ---
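The escaping failure described in the report above, shown as an added example; this is not code from Vim, from the upstream patch, or from this bug report. It assumes the keyword is appended to a lookup program (`man` here) and the result is handed to a POSIX shell; the function names and the sample keyword are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper, not Vim's code: wrap s in single quotes for POSIX sh,
 * rewriting each embedded ' as '\'' so the shell sees one literal word. */
char *shell_quote(const char *s) {
    size_t n = 3;                               /* two quotes plus NUL */
    for (const char *p = s; *p; p++) n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *q = out;
    if (!out) return NULL;
    *q++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(q, "'\\''", 4); q += 4; }
        else *q++ = *p;
    }
    *q++ = '\''; *q = '\0';
    return out;
}

/* Build "<prog> <keyword>"; quote != 0 selects the escaped form. */
char *build_lookup_cmd(const char *prog, const char *keyword, int quote) {
    char *quoted = quote ? shell_quote(keyword) : NULL;
    const char *arg = quote ? quoted : keyword;
    if (!arg) return NULL;
    size_t n = strlen(prog) + strlen(arg) + 2;  /* space plus NUL */
    char *cmd = malloc(n);
    if (cmd) snprintf(cmd, n, "%s %s", prog, arg);
    free(quoted);
    return cmd;
}

/* Count ';' separators sh would act on (outside single quotes, unescaped). */
int unquoted_semicolons(const char *cmd) {
    int in_sq = 0, count = 0;
    for (const char *p = cmd; *p; p++) {
        if (in_sq) { if (*p == '\'') in_sq = 0; }
        else if (*p == '\\' && p[1]) p++;
        else if (*p == '\'') in_sq = 1;
        else if (*p == ';') count++;
    }
    return count;
}

int main(void) {
    char *bad  = build_lookup_cmd("man", "foo;echo INJECTED", 0); /* constructed keyword */
    char *good = build_lookup_cmd("man", "foo;echo INJECTED", 1);
    if (bad && good) printf("%s -> %d\n%s -> %d\n", bad, unquoted_semicolons(bad), good, unquoted_semicolons(good));
    free(bad); free(good); return 0;
}
```

The unescaped form leaves one live `;` for the shell to split on, while the quoted form passes the whole keyword to the lookup program as a single argument.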
--- Begin Message ---
Source: vim
Source-Version: 2:7.2.010-1
We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive:
vim-common_7.2.010-1_i386.deb
to pool/main/v/vim/vim-common_7.2.010-1_i386.deb
vim-dbg_7.2.010-1_i386.deb
to pool/main/v/vim/vim-dbg_7.2.010-1_i386.deb
vim-doc_7.2.010-1_all.deb
to pool/main/v/vim/vim-doc_7.2.010-1_all.deb
vim-full_7.2.010-1_all.deb
to pool/main/v/vim/vim-full_7.2.010-1_all.deb
vim-gnome_7.2.010-1_i386.deb
to pool/main/v/vim/vim-gnome_7.2.010-1_i386.deb
vim-gtk_7.2.010-1_i386.deb
to pool/main/v/vim/vim-gtk_7.2.010-1_i386.deb
vim-gui-common_7.2.010-1_all.deb
to pool/main/v/vim/vim-gui-common_7.2.010-1_all.deb
vim-lesstif_7.2.010-1_i386.deb
to pool/main/v/vim/vim-lesstif_7.2.010-1_i386.deb
vim-nox_7.2.010-1_i386.deb
to pool/main/v/vim/vim-nox_7.2.010-1_i386.deb
vim-perl_7.2.010-1_all.deb
to pool/main/v/vim/vim-perl_7.2.010-1_all.deb
vim-python_7.2.010-1_all.deb
to pool/main/v/vim/vim-python_7.2.010-1_all.deb
vim-ruby_7.2.010-1_all.deb
to pool/main/v/vim/vim-ruby_7.2.010-1_all.deb
vim-runtime_7.2.010-1_all.deb
to pool/main/v/vim/vim-runtime_7.2.010-1_all.deb
vim-tcl_7.2.010-1_all.deb
to pool/main/v/vim/vim-tcl_7.2.010-1_all.deb
vim-tiny_7.2.010-1_i386.deb
to pool/main/v/vim/vim-tiny_7.2.010-1_i386.deb
vim_7.2.010-1.diff.gz
to pool/main/v/vim/vim_7.2.010-1.diff.gz
vim_7.2.010-1.dsc
to pool/main/v/vim/vim_7.2.010-1.dsc
vim_7.2.010-1_i386.deb
to pool/main/v/vim/vim_7.2.010-1_i386.deb
vim_7.2.010.orig.tar.gz
to pool/main/v/vim/vim_7.2.010.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James Vega <[EMAIL PROTECTED]> (supplier of updated vim package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 27 Sep 2008 14:56:03 -0400
Source: vim
Binary: vim-common vim-gui-common vim-runtime vim-doc vim-tiny vim vim-dbg
vim-perl vim-python vim-ruby vim-tcl vim-gtk vim-nox vim-lesstif vim-gnome
vim-full
Architecture: source all i386
Version: 2:7.2.010-1
Distribution: unstable
Urgency: low
Maintainer: Debian Vim Maintainers <[EMAIL PROTECTED]>
Changed-By: James Vega <[EMAIL PROTECTED]>
Description:
vim - Vi IMproved - enhanced vi editor
vim-common - Vi IMproved - Common files
vim-dbg - Vi IMproved - enhanced vi editor (debugging symbols)
vim-doc - Vi IMproved - HTML documentation
vim-full - Vi IMproved - enhanced vi editor (transitional package)
vim-gnome - Vi IMproved - enhanced vi editor - with GNOME2 GUI
vim-gtk - Vi IMproved - enhanced vi editor - with GTK2 GUI
vim-gui-common - Vi IMproved - Common GUI files
vim-lesstif - Vi IMproved - enhanced vi editor - with LessTif GUI
vim-nox - Vi IMproved - enhanced vi editor
vim-perl - Vi IMproved - enhanced vi editor (transitional package)
vim-python - Vi IMproved - enhanced vi editor (transitional package)
vim-ruby - Vi IMproved - enhanced vi editor (transitional package)
vim-runtime - Vi IMproved - Runtime files
vim-tcl - Vi IMproved - enhanced vi editor (transitional package)
vim-tiny - Vi IMproved - enhanced vi editor - compact version
Closes: 500381
Changes:
vim (2:7.2.010-1) unstable; urgency=low
.
* New upstream patches (1 - 10), see README.gz for details.
- 7.2.010 correctly escapes the visually selected text used by the K
command. (CVE-2008-4101, Closes: #500381)
* Add note to NEWS about how to re-enable filetype plugins.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjeluwACgkQDb3UpmEybUA7LACeJY6G69tpOrRakglreATPFX7X
vsEAn00yiMApgF8bae81qKD6jz3j4B2j
=x2AA
-----END PGP SIGNATURE-----
--- End Message ---