Launchpad has imported 16 comments from the remote bug at
https://bugs.gentoo.org/show_bug.cgi?id=227453.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2008-06-16T15:03:54+00:00 GNUtoo wrote:

Vim Shell Command Injection Vulnerabilities, see the URL

Reproducible: Always

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/1

------------------------------------------------------------------------
On 2008-06-20T12:37:28+00:00 Ali Polatel wrote:

I've bumped vim-core, vim and gvim to 7.1.319.
@security: I plan to remove vim-6.4. Do you want me to mask it or will you do 
it?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/2

------------------------------------------------------------------------
On 2008-07-06T18:59:00+00:00 Py wrote:

ali: please proceed with the mask.
Arches, please test and mark stable app-editors/vim-core-7.1.319. Target 
KEYWORDS: "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc ~sparc-fbsd 
x86 ~x86-fbsd"

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/4

------------------------------------------------------------------------
On 2008-07-06T20:11:28+00:00 Bluebird wrote:

Are we supposed to just stabilize vim-core or vim-core, vim and gvim?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/5

------------------------------------------------------------------------
On 2008-07-06T20:17:58+00:00 Py wrote:

(In reply to comment #3)
> Are we supposed to just stabilize vim-core or vim-core, vim and gvim?
> 

both of them, my mistake.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/6

------------------------------------------------------------------------
On 2008-07-06T20:21:38+00:00 Jeroen Roovers wrote:

(In reply to comment #4)
> (In reply to comment #3)
> > Are we supposed to just stabilize vim-core or vim-core, vim and gvim?
> > 
> 
> both of them, my mistake.

All three of them.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/7

------------------------------------------------------------------------
On 2008-07-06T21:00:04+00:00 Cla-o wrote:

amd64/x86 stable

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/8

------------------------------------------------------------------------
On 2008-07-06T21:05:33+00:00 Cla-o wrote:

Also unCC arches.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/9

------------------------------------------------------------------------
On 2008-07-06T21:45:16+00:00 Jeroen Roovers wrote:

Stable for HPPA.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/10

------------------------------------------------------------------------
On 2008-07-06T22:38:29+00:00 Fmccor wrote:

All three stable on sparc.  I've been using [vim, gvim]-7.1.319 pretty
heavily for almost four weeks with no problems.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/11

------------------------------------------------------------------------
On 2008-07-07T02:56:22+00:00 Ranger-z wrote:

ppc and ppc64 done for all three pkgs

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/12

------------------------------------------------------------------------
On 2008-07-07T12:15:53+00:00 Raúl Porcel wrote:

alpha/ia64 stable

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/13

------------------------------------------------------------------------
On 2008-07-15T16:46:28+00:00 Keytoaster wrote:

Does this version actually fix all of the vulnerabilities? Using the
test suite from http://www.rdancer.org/vulnerablevim.html I get the
following result:

-------------------------------------------
-------- Test results below ---------------
-------------------------------------------
filetype.vim
  strong  : EXPLOIT FAILED
  weak    : EXPLOIT FAILED
zipplugin : VULNERABLE
xpm.vim
  xpm     : VULNERABLE
  xpm2    : VULNERABLE
  remote  : VULNERABLE
gzip_vim  : EXPLOIT FAILED
netrw     : VULNERABLE

Should be noted in the GLSA I guess.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/14

------------------------------------------------------------------------
On 2008-07-17T12:15:28+00:00 Keytoaster wrote:

vim team, do you know if upstream is trying to fix the remaining issues
in the near future? If yes, we will postpone this GLSA until everything
is fixed.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/15

------------------------------------------------------------------------
On 2008-08-14T08:44:21+00:00 Ali Polatel wrote:

(In reply to comment #13)
> vim team, do you know if upstream is trying to fix the remaining issues in the
> near future? If yes, we will postpone this GLSA until everything is fixed.
> 

{vim,gvim}-7.2 fixes this. It's in CVS.
-------------------------------------------
-------- Test results below ---------------
-------------------------------------------
Vim version 7.2
zip.vim version: 
netrw.vim version: 
-------------------------------------------
filetype.vim
  strong  : EXPLOIT FAILED
  weak    : EXPLOIT FAILED
tarplugin : EXPLOIT FAILED
tarplugin.updated: EXPLOIT FAILED
tarplugin.v2: EXPLOIT FAILED
zipplugin : EXPLOIT FAILED
zipplugin.v2: EXPLOIT FAILED
xpm.vim
  xpm     : EXPLOIT FAILED
  xpm2    : EXPLOIT FAILED
  remote  : EXPLOIT FAILED
gzip_vim  : EXPLOIT FAILED
netrw     : EXPLOIT FAILED
netrw.v2  : EXPLOIT FAILED
netrw.v3  : EXPLOIT FAILED
netrw.v4  : EXPLOIT FAILED
netrw.v5  : EXPLOIT FAILED
shellescape: EXPLOIT FAILED


Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/16

------------------------------------------------------------------------
On 2014-05-31T18:05:24+00:00 Ackle wrote:

This issue has been fixed on Security-supported arches since Aug 15,
2008. No GLSA will be issued.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/24


** Changed in: vim (Gentoo Linux)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/240216

Title:
  Collection of vulnerabilities in Vim reported by rdancer
