Hi James, * James Vega <[EMAIL PROTECTED]> [2008-06-16 17:26]: > In regard to the Vim vulnerabilities described at > <http://www.rdancer.org/vulnerablevim.html>. > > On Mon, Jun 16, 2008 at 10:44:06AM -0400, Jamie Strandboge wrote: > > These should all be fixed now according to: > > http://groups.google.com/group/vim_dev/tree/browse_frm/month/2008-06/6d7899eac89aa333?rnum=131&_done=%2Fgroup%2Fvim_dev%2Fbrowse_frm%2Fmonth%2F2008-06%3F#doc_9bb6550f4f955f04 > > > > Also, 7.1.314 is supposedly mostly not affected, but I did find these > > commits: > > http://vim.svn.sourceforge.net/viewvc/vim?view=rev&revision=1012 > > http://vim.svn.sourceforge.net/viewvc/vim?view=rev&revision=1013 > > http://vim.svn.sourceforge.net/viewvc/vim?view=rev&revision=1021 > > Right, the core code is up-to-date as of 7.1.314. I'm currently working > on updating the remaining affected runtime files/documentation for an > upload to unstable. > > Given that the vulnerability requires the user to edit files with rather > odd filenames, [...] Note that this is not the case for every vulnerability. Have a look at the filetype.vim issue which doesn't need a crafted filename.
Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpMR3p4AXjmS.pgp
Description: PGP signature
