Bug 99578 - app-editors/vim: Unix: various functions may execute a shell command when it's not wanted.
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
: High blocker (vote)
Assignee: Gentoo Security
URL: http://groups.yahoo.com/group/vimdev/...
Whiteboard: A? [noglsa] jaervosz
Keywords:
: 100353 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-07-19 14:40 UTC by solar (RETIRED)
Modified: 2005-08-15 21:53 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---


Description solar (RETIRED) gentoo-dev 2005-07-19 14:40:02 UTC
vim patch 6.3.081 is needed
ciaranm, who currently is unable to log in to Bugzilla, said that
ka0ttic, slarti, rphillips or agriffis could act as the proxy to commit this
update.

http://groups.yahoo.com/group/vimdev/message/40147
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-19 22:00:41 UTC
ka0ttic, slarti, rphillips or agriffis please advise. 
Comment 2 SpanKY gentoo-dev 2005-07-20 06:33:47 UTC
ciaranm says that upgrading to 6.3.082 resolves this (and similar issues with
expand())
Comment 3 Ryan Phillips (RETIRED) gentoo-dev 2005-07-21 10:34:16 UTC
I'm working on committing 084.
Comment 4 Ryan Phillips (RETIRED) gentoo-dev 2005-07-21 11:02:32 UTC
OK. 084 has been committed and unmasked on x86.
Comment 5 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-21 11:30:21 UTC
Arches, please test and mark gvim (except arm and s390), vim and vim-core
6.3.084 stable. Thanks everybody!
Comment 6 Chris Gianelloni (RETIRED) gentoo-dev 2005-07-21 13:58:51 UTC
Is it OK to mark these bad boys as blocker during release time when we're under
crunch time if it is holding us up?

Heh...

Well... this is blocking the release at the moment... thanks all
Comment 7 Daniel Gryniewicz (RETIRED) gentoo-dev 2005-07-21 14:08:12 UTC
This would already be stable on amd64 if I could get the patches from the mirrors...
Comment 8 René Nussbaumer (RETIRED) gentoo-dev 2005-07-21 14:09:09 UTC
Stable on hppa
Comment 9 Herbie Hopkins (RETIRED) gentoo-dev 2005-07-21 14:23:45 UTC
Stable on amd64.
Comment 10 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-21 14:28:18 UTC
Upgrading severity to blocker as requested by wolf31o2
Comment 11 Ryan Phillips (RETIRED) gentoo-dev 2005-07-21 14:38:28 UTC
The mirrors should have the packages now.
Comment 12 Joe Jezak (RETIRED) gentoo-dev 2005-07-21 15:41:34 UTC
Marked ppc stable.
Comment 13 Gustavo Zacarias (RETIRED) gentoo-dev 2005-07-21 16:07:02 UTC
sparc stable.
FYI ppc forgot about gvim... how's that reading ability doing? ;)
Comment 14 Joe Jezak (RETIRED) gentoo-dev 2005-07-21 16:20:38 UTC
Yeah, yeah.  Sorry about that, I forgot to commit.  It's fixed.
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-21 21:53:35 UTC
Back to blocker. 
Comment 16 Markus Rothe (RETIRED) gentoo-dev 2005-07-22 01:15:58 UTC
stable on ppc64
Comment 17 Bryan Østergaard (RETIRED) gentoo-dev 2005-07-22 14:11:56 UTC
Stable on alpha.
Comment 18 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-23 01:05:25 UTC
This one is ready for GLSA decision. 
Comment 19 Tavis Ormandy (RETIRED) gentoo-dev 2005-07-23 02:35:22 UTC
Voting NO; Gentoo disables modelines by default, which I assume is the only
attack vector here.

Also, the vim documentation states that the sandbox is not guaranteed to be
secure.
Comment 20 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-23 04:15:47 UTC
Thx for the explanation Tavis. I also vote NO.  
  
Closing with NO GLSA.  
 
arm, ia64, mips, s390 please remember to mark stable. 
Comment 21 Hardave Riar (RETIRED) gentoo-dev 2005-07-23 15:05:54 UTC
Stable on mips.
Comment 22 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-26 05:15:09 UTC
*** Bug 100353 has been marked as a duplicate of this bug. ***
Comment 23 solar (RETIRED) gentoo-dev 2005-07-27 20:52:56 UTC
Candidate: CAN-2005-2368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368
Reference: FULLDISC:20050725 Help poor children in Uganda
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035402.html
Reference: MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

vim 6.3 before 6.3.082, with modelines enabled, allows attackers to
execute arbitrary commands via shell metacharacters in the (1) glob or
(2) expand commands of a foldexpr expression for calculating fold
levels.
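
A defender-side check for the condition in the CAN-2005-2368 description above, added here as an illustration and not part of the bug report or of Vim: it scans the lines Vim would read as modelines and flags any that set foldexpr (short name fde) to an expression calling glob() or expand(). The function names, the constructed sample text and the 5-line window (Vim's default 'modelines' value) are assumptions of this example.

```python
import re

# Vim only inspects the first and last 'modelines' lines of a file (default 5).
MODELINES_DEFAULT = 5

# Start of a modeline: "vi:", "vim:", "Vim:" or "ex:" (optionally version-qualified,
# e.g. "vim>602:"), at line start or after whitespace. Captures the option text.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(.*)$")

# foldexpr (or its short name fde) set to an expression that calls glob()/expand().
RISKY_RE = re.compile(r"\b(?:foldexpr|fde)\s*=\S*?\b(glob|expand)\s*\(")


def candidate_lines(lines, window=MODELINES_DEFAULT):
    """Yield (lineno, text) for the lines Vim would check for modelines."""
    total = len(lines)
    for lineno, text in enumerate(lines, 1):
        if lineno <= window or lineno > total - window:
            yield lineno, text


def find_risky_modelines(text, window=MODELINES_DEFAULT):
    """Return [(lineno, function)] for modelines whose foldexpr calls glob/expand."""
    hits = []
    for lineno, line in candidate_lines(text.splitlines(), window):
        modeline = MODELINE_RE.search(line)
        if not modeline:
            continue
        risky = RISKY_RE.search(modeline.group(1))
        if risky:
            hits.append((lineno, risky.group(1)))
    return hits


# Constructed sample: a 12-line source file whose last line is a modeline.
# The argument is a placeholder, not a working payload.
SAMPLE = "\n".join(
    ["int main(void) { return 0; }"]
    + ["/* filler */"] * 10
    + ['/* vim: set fdm=expr fde=expand("PLACEHOLDER"): */']
)

if __name__ == "__main__":
    for lineno, func in find_risky_modelines(SAMPLE):
        print(f"line {lineno}: modeline sets foldexpr using {func}()")
```

A hit is a reason to inspect the file before opening it in an unpatched vim with modelines enabled; a file with no hits is not thereby proven safe, since the pattern covers only the two functions named in the CVE text.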