Your message dated Thu, 28 Jul 2005 06:02:13 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#320017: fixed in vim 1:6.3-085+1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Jul 2005 12:34:24 +0000
Date: Tue, 26 Jul 2005 14:33:31 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: vim: Arbitrary code execution in modelines
Message-ID: <[EMAIL PROTECTED]>

Package: vim
Version: 1:6.3-078+1
Severity: grave
Tags: security

Hi!

Georgi Guninski found another modeline vuln in vim:

http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

I already asked for a CAN number, I'll forward it when I get one.

You can get the Ubuntu debdiff from

http://patches.ubuntu.com/patches/vim.code-modelines.diff

for fixing sarge and possibly woody. For unstable, you should probably
just upgrade to the latest upstream version.

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

---------------------------------------
Received: (at 320017-close) by bugs.debian.org; 28 Jul 2005 13:33:46 +0000
From: Debian VIM Maintainers <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#320017: fixed in vim 1:6.3-085+1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 28 Jul 2005 06:02:13 -0700

Source: vim
Source-Version: 1:6.3-085+1

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive:

vim-common_6.3-085+1_all.deb
  to pool/main/v/vim/vim-common_6.3-085+1_all.deb
vim-doc_6.3-085+1_all.deb
  to pool/main/v/vim/vim-doc_6.3-085+1_all.deb
vim-full_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-full_6.3-085+1_i386.deb
vim-gnome_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-gnome_6.3-085+1_i386.deb
vim-gtk_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-gtk_6.3-085+1_i386.deb
vim-lesstif_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-lesstif_6.3-085+1_i386.deb
vim-perl_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-perl_6.3-085+1_i386.deb
vim-python_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-python_6.3-085+1_i386.deb
vim-ruby_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-ruby_6.3-085+1_i386.deb
vim-tcl_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-tcl_6.3-085+1_i386.deb
vim_6.3-085+1.diff.gz
  to pool/main/v/vim/vim_6.3-085+1.diff.gz
vim_6.3-085+1.dsc
  to pool/main/v/vim/vim_6.3-085+1.dsc
vim_6.3-085+1_i386.deb
  to pool/main/v/vim/vim_6.3-085+1_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian VIM Maintainers <[EMAIL PROTECTED]> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Thu, 28 Jul 2005 12:16:06 +0200
Source: vim
Binary: vim-full vim-lesstif vim-common vim-doc vim-gnome vim vim-gtk vim-perl vim-tiny vim-ruby vim-python vim-tcl
Architecture: source i386 all
Version: 1:6.3-085+1
Distribution: unstable
Urgency: high
Maintainer: Debian VIM Maintainers <[EMAIL PROTECTED]>
Changed-By: Debian VIM Maintainers <[EMAIL PROTECTED]>
Description:
 vim        - Vi IMproved - enhanced vi editor
 vim-common - Vi IMproved - Common files
 vim-doc    - Vi IMproved - Documentation files
 vim-full   - Vi IMproved - full fledged version of the enhanced vi editor
 vim-gnome  - Vi IMproved - GNOME2 Version
 vim-gtk    - Vi IMproved - GTK2 Version
 vim-lesstif - Vi IMproved - LessTif Version
 vim-perl   - Vi IMproved, with perl scripting support
 vim-python - Vi IMproved, with python scripting support
 vim-ruby   - Vi IMproved, with ruby scripting support
 vim-tcl    - Vi IMproved, with tcl scripting support
Closes: 308890 311234 314309 320017
Changes:
 vim (1:6.3-085+1) unstable; urgency=high
 .
   * New upstream patches (079 to 085), see README.gz for details.
     + 6.3.082: Fix arbitrary shell commands execution by wrapping them in
       glob() or expand() function calls in modelines. (CAN-2005-2368)
       (closes: #320017)
 .
   * James Vega <[EMAIL PROTECTED]>
     + Added patch 129_filetype.vim.diff, which sets the filetype to perl for
       *.plx files. (closes: #314309)
 .
   * Matthijs Mohlmann <[EMAIL PROTECTED]>
     + Added patch 130_fstab.vim.diff, added bind as option. (closes: #308890)
     + Added patch 131_xxd.1.diff, fixes typo in xxd manpage. (closes: #311234)