Your message dated Wed, 15 Oct 2008 02:02:07 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#500381: fixed in vim 1:7.1.314-3+lenny1
has caused the Debian Bug report #500381,
regarding vim: CVE-2008-4101 Vim 3.0 through 7.x before 7.2.010 does not 
properly escape ...
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
500381: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500381
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Source: vim
Version: 7.2.000-3
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vim.

CVE-2008-4101[0]:
| Vim 3.0 through 7.x before 7.2.010 does not properly escape
| characters, which allows user-assisted attackers to (1) execute
| arbitrary shell commands by entering a K keystroke on a line that
| contains a ";" (semicolon) followed by a command, or execute arbitrary
| Ex commands by entering an argument after a (2) "Ctrl-]" (control
| close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke
| sequence, a different issue than CVE-2008-2712.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101
    http://security-tracker.debian.net/tracker/CVE-2008-4101

The patch is available at:
http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33

For a better explanation see:
http://www.rdancer.org/vulnerablevim-K.html

Kind regards,
Thomas.



--- End Message ---
--- Begin Message ---
Source: vim
Source-Version: 1:7.1.314-3+lenny1

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive:

vim-common_7.1.314-3+lenny1_i386.deb
  to pool/main/v/vim/vim-common_7.1.314-3+lenny1_i386.deb
vim-dbg_7.1.314-3+lenny1_i386.deb
  to pool/main/v/vim/vim-dbg_7.1.314-3+lenny1_i386.deb
vim-doc_7.1.314-3+lenny1_all.deb
  to pool/main/v/vim/vim-doc_7.1.314-3+lenny1_all.deb
vim-full_7.1.314-3+lenny1_all.deb
  to pool/main/v/vim/vim-full_7.1.314-3+lenny1_all.deb
vim-gnome_7.1.314-3+lenny1_i386.deb
  to pool/main/v/vim/vim-gnome_7.1.314-3+lenny1_i386.deb
vim-gtk_7.1.314-3+lenny1_i386.deb
  to pool/main/v/vim/vim-gtk_7.1.314-3+lenny1_i386.deb
vim-gui-common_7.1.314-3+lenny1_all.deb
  to pool/main/v/vim/vim-gui-common_7.1.314-3+lenny1_all.deb
vim-lesstif_7.1.314-3+lenny1_i386.deb
  to pool/main/v/vim/vim-lesstif_7.1.314-3+lenny1_i386.deb
vim-nox_7.1.314-3+lenny1_i386.deb
  to pool/main/v/vim/vim-nox_7.1.314-3+lenny1_i386.deb
vim-perl_7.1.314-3+lenny1_all.deb
  to pool/main/v/vim/vim-perl_7.1.314-3+lenny1_all.deb
vim-python_7.1.314-3+lenny1_all.deb
  to pool/main/v/vim/vim-python_7.1.314-3+lenny1_all.deb
vim-ruby_7.1.314-3+lenny1_all.deb
  to pool/main/v/vim/vim-ruby_7.1.314-3+lenny1_all.deb
vim-runtime_7.1.314-3+lenny1_all.deb
  to pool/main/v/vim/vim-runtime_7.1.314-3+lenny1_all.deb
vim-tcl_7.1.314-3+lenny1_all.deb
  to pool/main/v/vim/vim-tcl_7.1.314-3+lenny1_all.deb
vim-tiny_7.1.314-3+lenny1_i386.deb
  to pool/main/v/vim/vim-tiny_7.1.314-3+lenny1_i386.deb
vim_7.1.314-3+lenny1.diff.gz
  to pool/main/v/vim/vim_7.1.314-3+lenny1.diff.gz
vim_7.1.314-3+lenny1.dsc
  to pool/main/v/vim/vim_7.1.314-3+lenny1.dsc
vim_7.1.314-3+lenny1_i386.deb
  to pool/main/v/vim/vim_7.1.314-3+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Vega <[EMAIL PROTECTED]> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 14 Oct 2008 21:11:21 -0400
Source: vim
Binary: vim-common vim-gui-common vim-runtime vim-doc vim-tiny vim vim-dbg 
vim-perl vim-python vim-ruby vim-tcl vim-gtk vim-nox vim-lesstif vim-gnome 
vim-full
Architecture: source all i386
Version: 1:7.1.314-3+lenny1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Debian Vim Maintainers <[EMAIL PROTECTED]>
Changed-By: James Vega <[EMAIL PROTECTED]>
Description: 
 vim        - Vi IMproved - enhanced vi editor
 vim-common - Vi IMproved - Common files
 vim-dbg    - Vi IMproved - enhanced vi editor (debugging symbols)
 vim-doc    - Vi IMproved - HTML documentation
 vim-full   - Vi IMproved - enhanced vi editor (transitional package)
 vim-gnome  - Vi IMproved - enhanced vi editor - with GNOME2 GUI
 vim-gtk    - Vi IMproved - enhanced vi editor - with GTK2 GUI
 vim-gui-common - Vi IMproved - Common GUI files
 vim-lesstif - Vi IMproved - enhanced vi editor - with LessTif GUI
 vim-nox    - Vi IMproved - enhanced vi editor
 vim-perl   - Vi IMproved - enhanced vi editor (transitional package)
 vim-python - Vi IMproved - enhanced vi editor (transitional package)
 vim-ruby   - Vi IMproved - enhanced vi editor (transitional package)
 vim-runtime - Vi IMproved - Runtime files
 vim-tcl    - Vi IMproved - enhanced vi editor (transitional package)
 vim-tiny   - Vi IMproved - enhanced vi editor - compact version
Closes: 384635 456897 486502 492450 492519 499451 500381
Changes: 
 vim (1:7.1.314-3+lenny1) testing-proposed-updates; urgency=low
 .
   * Cherry-pick patches from upstream to address filename escaping
     vulnerabilities
     - 7.2a.013 shellescape() does not escape "%" and "#" characters
     - 7.2b.005 shellescape() doesn't take care of "!" and "\n"
     - 7.2b.018 cmdline completion on shell cmd fails on file containing '!'
     - 7.2b.026 GTK 2 file chooser causes significant slowdown  (Closes:
       #456897, #384635)
     - 7.2c.002 fnameescape() doesn't handle a leading '+' or '>'
     - 7.2.010 "K" in Visual mode does not properly escape all characters
       (CVE 2008-4101, Closes: #500381)
       + src/normal.c: Only use the word under the cursor, instead of the
         entire line after the cursor, when constructing the shell command to
         run.
   * Update runtime files affected by filename escape vulnerabilities.
     (CVE 2008-2712, Closes: #486502)
   * src/spell.c: Stop reading when EOF is reached to avoid allocing large
     amounts of memory.
   * src/main.c: After further discussion with upstream, revert behavior of
     -N/-C causing (no)compatible to be set after all startup files/plugins are
     sourced, c.f. #438560.
   * debian/control: vim-runtime Depends on dpkg >= 1.14.20 for sane
     dpkg-divert behavior
   * debian.vim: Do not enable 'autoindent' and filetype plugins by default.
   * Add NEWS item for change in default configuration.
   * runtime/autoload/netrw.vim: Fix deletion of incorrect file in wide display
     listing.  Using Jan Minář's patch from the vim-dev list.  (Closes:
     #492519)
   * Improve handling of transition from vim-runtime Replacing vim-tiny to
     using diversions to manage their conflicting files.  (Closes: #492450)
   * Add vim-runtime.preinst to handle moving /etc/vim/vimrc.tiny from
     vim-common to vim-tiny.  (Closes: #499451)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkj1S+kACgkQDb3UpmEybUDZAwCcCvKT/nwMdspwan/XByC3+K1B
/hoAn3HEXaW9YSeD211wQpAaiXQRObij
=qfnm
-----END PGP SIGNATURE-----



--- End Message ---
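
The 7.2.010 changelog entry above describes the fix as using only the word under the cursor, rather than the rest of the line, when building the shell command for "K". The following C sketch is an added illustration of that difference and is not code from vim or from the Debian package; the function names, the `man` lookup program, the `[A-Za-z0-9_]` keyword set and the sample line are all assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Single-quote s[0..n) for POSIX sh; an embedded ' becomes '\''. 0 on success. */
static int sh_quote(const char *s, size_t n, char *out, size_t cap) {
    size_t o = 0;
    if (cap < 3) return -1;
    out[o++] = '\'';
    for (size_t i = 0; i < n; i++) {
        size_t w = (s[i] == '\'') ? 4 : 1;
        if (o + w + 2 > cap) return -1; /* keep room for closing quote + NUL */
        if (w == 4) memcpy(out + o, "'\\''", 4);
        else out[o] = s[i];
        o += w;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Pattern the changelog names as the bug: the rest of the line after the
 * cursor is pasted into the command, so file content reaches the shell. */
int cmd_rest_of_line(const char *prg, const char *line, size_t col, char *out, size_t cap) {
    if (col > strlen(line)) return -1;
    int n = snprintf(out, cap, "%s %s", prg, line + col);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Hardened form: take only the keyword under the cursor, then quote it. */
int cmd_word(const char *prg, const char *line, size_t col, char *out, size_t cap) {
    char q[256];
    size_t len = 0;
    if (col > strlen(line)) return -1;
    while (isalnum((unsigned char)line[col + len]) || line[col + len] == '_')
        len++;
    if (len == 0 || sh_quote(line + col, len, q, sizeof q) != 0) return -1;
    int n = snprintf(out, cap, "%s %s", prg, q);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void) {
    const char *line = "printf ; echo CONSTRUCTED_MARKER"; /* constructed sample */
    char a[128], b[128];
    if (cmd_rest_of_line("man", line, 0, a, sizeof a) == 0) puts(a);
    if (cmd_word("man", line, 0, b, sizeof b) == 0) puts(b);
    return 0;
}
```

Quoting the extracted word is kept as a second layer because the set of keyword characters is configurable in an editor and may include shell metacharacters.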
