On Thu, Jan 23, 2003 at 09:39:19AM +0100, Sasha Nedvedicky wrote: > i've noticed, that many other linux distros released a fix of CAN-2002-1377 > (vim modeline vulnerability). > > by http://online.securityfocus.org/bid/6384, it seems, that only few linux > distributions (excluding Debian) are affected. > > so is it true, that current package of vim in Debian Woody is not affected > by vim modeline vulnerability ?
The current Debian Woody version of vim is vulnerable. I have already produced a fixed package and given it to the Security Team. When they are ready (i.e., after they have checked my work), I'm sure that they will post an advisory. Luca -- Luca Filipozzi, Debian Developer [dpkg] We are the apt. You will be packaged. Comply. gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D
