CVE-2009-0316 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0316): Untrusted search path vulnerability in the Python module in vim allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
I am not sure whether this bug is being tracked upstream. Please see the blocker for details and a patch example.
This is patched by 7.2.045, and vim-7.2.108 which contains said patch is in the tree.
Jim, do you ACK =app-editors/vim-7.2.182 for stabling?
I do indeed ACK, thanks. Sorry for the late response :)
Arches, please test and mark stable:
=app-editors/vim-7.2.182
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
What about gvim-7.2.182 & vim-core-7.2.182? For example, vim-7.2.182 depends on vim-core-7.2.182, and normally those three all go together. I suppose this is really a request for all of them at once, but I'll wait for your response before doing so (I have been using these pretty heavily on sparc for a couple months, so marking them stable is not a problem).
You are right. The whole pack, as usual:
=app-editors/vim-7.2.182
=app-editors/vim-core-7.2.182
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
=app-editors/gvim-7.2.182
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Thanks. Sparc stable for [g]vim[-core]-7.2.182.
x86 stable
alpha/arm/ia64/m68k/s390/sh stable
Stable for HPPA.
ppc stable
amd64 stable for those packages in comment #7
ppc64 done
Ready for vote, I vote YES.
Yes, too. Will be added to a pending vim GLSA.
This issue has been fixed since Jul 26, 2009. No GLSA will be issued.