Hi Thomas,

I have already, now many weeks ago, submitted a fixed vim package to the Security Team. When they are ready (have reviewed, have time, etc), they will make a DSA. I've asked them if there's anything else I can do for them, with no reply. I suspect that they are occupied with other security bugs.

Yours,
Luca

On Mon, Mar 10, 2003 at 08:18:21PM +0100, Thomas Krennwallner wrote:
> Hi!
>
> According to http://www.guninski.com/vim1.html vim is vulnerable in
> woody and sarge (I tried it myself on both).
>
> ChangeLog of vim (1:6.1-266+1) in sid says:
>
> + 6.1.265: libcall() can be used in 'foldexpr' to call any system
> function. rename(), delete() and remote_send() can also be
> used in 'foldexpr'. These are security problems.
>
> Will there be a security update of vim in woody?
>
> Last discussion of this bug was in Jan 2003:
> http://lists.debian.org/debian-security/2003/debian-security-200301/msg00153.html
>
> so long
> Thomas
>
> --
> ___ Obviously we do not want to leave zombies around.
> _/___\ - W. Richard Stevens
> ( ^ > Thomas Krennwallner <djmaecki at ull dot at>
> / \ 1024D/67A1DA7B 9484 D99D 2E1E 4E02 5446 DAD9 FF58 4E59 67A1 DA7B
> (__\/_)_ http://bigfish.ull.at/~djmaecki/

--
Luca Filipozzi
"Linux gives us the power to crush those that oppose us." - switchlinux
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E 09C1 3573 32C4 5A82 7A2D