This bug was fixed in the package vim - 1:7.1.314-3ubuntu1

---------------
vim (1:7.1.314-3ubuntu1) intrepid; urgency=low

  * Resynchronise with Debian. Remaining changes:
    - Enable detection of GNU screen as a mouse-capable terminal.
    - Add NoDisplay=true to gvim.desktop.
    - Drop vim-lesstif package and lesstif2-dev build-dependency.
    - Build-depend on libxt-dev.
    - Enable Python interpreter on basic builds.
    - Create a .pot file for translations.
    - Disable autoindent, line-wrapping, and backup files by default.
  * Fixes various vulnerabilities due to improper quoting of 'execute'
    arguments (LP: #240216).
  * Drop fixes for upgrade problems from Ubuntu 6.06 LTS; direct upgrades
    from 6.06 to 8.10 will not be supported.

vim (1:7.1.314-3) unstable; urgency=high

  * Update runtime files affected by the filename escape vulnerability.
    (CVE 2008-2712, Closes: #486502)
  * debian/vim-runtime.preinst:
    - Only add the diversions if the preinst is called with the "install"
      or "upgrade" (to handle the previous mishandling in postrm)
      arguments.
  * debian/vim-runtime.postrm:
    - Only remove the diversions if the postrm is called with the "remove"
      argument. (Closes: #486446)
  * runtime/menu.vim:
    - Escape the buffer name when using the "Window -> Split File Explorer"
      menu item. (Closes: #486417)

vim (1:7.1.314-2) unstable; urgency=low

  * debian/rules:
    - Tell configure to only check the GUI toolkit specific to the variant
      being built. (Closes: #486319, #486336)
  * runtime/ftplugin/debchangelog.vim:
    - Merge Launchpad bug completion from Ubuntu.
    - Specify the full path when calling apt-listbugs instead of relying on
      /usr/sbin being in the user's path.
    - Improve error handling for Launchpad bug completion.

vim (1:7.1.314-1) unstable; urgency=low

  * New upstream patches (294 - 314), see README.gz for details.
    - SELinux support merged upstream
  * Update NetRW to version 125n (pre-release).
    - Calculate length of multi-byte strings properly. (Closes: #474609)
    - Display/navigate symlinks to directories properly. (Closes: #474980)
  * Update vim-git runtime files.
  * debian/update-patches:
    - Fix determination of patch level from last commit.
    - Use debian:debian/README to determine current patch level.
    - Don't exit on error since that prevents correcting merges.
    - Use a standard commit message for debian/README.
  * runtime/ftplugin/debchangelog.vim:
    - NewVersion() should only call foldopen if folding is enabled.
  * runtime/macros/justify.vim:
    - Calculate strlen for multi-byte strings properly. (Closes: #481115)
  * debian/rules:
    - Make use of upstream's "shadow" directories so the variants can be
      built in parallel.
    - Remove .NOTPARALLEL to allow parallel building.
    - Remove useless dh_shlibdeps call in the binary-indep target.
    - Remove autoconf-stamp target since we're no longer patching
      configure.
  * debian/vim-runtime.install:
    - Add new gvimtutor to vim-runtime package.
  * Very carefully divert vim-tiny's help.txt and helptags so they will
    still be in place if vim-runtime is removed.
  * debian/control:
    - Remove vim-runtime's Replaces of vim-tiny since the conflicting files
      are now handled by diversions.

 -- Colin Watson <[EMAIL PROTECTED]>  Thu, 26 Jun 2008 13:42:18 +0100

** Changed in: vim (Ubuntu)
       Status: New => Fix Released

--
Collection of vulnerabilities in Vim reported by rdancer
https://bugs.launchpad.net/bugs/240216