First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 99578
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: solar <solar@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 99578 depends on: Show dependency tree
Bug 99578 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-07-19 14:40 0000 
vim patch 6.3.081 is needed
ciaranm who currently is unable to login to bugzilla said that 
ka0ttic, slarti, rphillips or agriffis could act as the proxy to commit this 
update.

http://groups.yahoo.com/group/vimdev/message/40147

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-07-19 22:00:41 0000 ------- 
ka0ttic, slarti, rphillips or agriffis please advise.

------- Comment #2 From SpanKY 2005-07-20 06:33:47 0000 ------- 
ciaranm says that upgrading to 6.3.082 resolves this (and similar issues with
expand())

------- Comment #3 From Ryan Phillips (RETIRED) 2005-07-21 10:34:16 0000 ------- 
i'm working on committing 084.

------- Comment #4 From Ryan Phillips (RETIRED) 2005-07-21 11:02:32 0000 ------- 
ok. 084 has been committed and unmasked on x86.

------- Comment #5 From Stefan Cornelius (RETIRED) 2005-07-21 11:30:21 0000 ------- 
Arches, please test and mark gvim (except arm and s390), vim and vim-core
6.3.084 stable. Thanks everybody!

------- Comment #6 From Chris Gianelloni (RETIRED) 2005-07-21 13:58:51 0000 ------- 
Is it OK to mark these bad boys as blocker during release time when we're under
crunch time if it is holding us up?

Heh...

Well... this is blocking the release at the moment... thanks all

------- Comment #7 From Daniel Gryniewicz 2005-07-21 14:08:12 0000 ------- 
This would already be stable on amd64 if I could get the patches from the
mirrors...

------- Comment #8 From René Nussbaumer 2005-07-21 14:09:09 0000 ------- 
Stable on hppa

------- Comment #9 From Herbie Hopkins (RETIRED) 2005-07-21 14:23:45 0000 ------- 
Stable on amd64.

------- Comment #10 From Stefan Cornelius (RETIRED) 2005-07-21 14:28:18 0000 ------- 
Upgrading severity to blocker as requested by wolf31o2

------- Comment #11 From Ryan Phillips (RETIRED) 2005-07-21 14:38:28 0000 ------- 
The mirrors should have the packages now.

------- Comment #12 From Joe Jezak 2005-07-21 15:41:34 0000 ------- 
Marked ppc stable.

------- Comment #13 From Gustavo Zacarias (RETIRED) 2005-07-21 16:07:02 0000 ------- 
sparc stable.
FYI ppc forgot about gvim... how's that reading ability doing? ;)

------- Comment #14 From Joe Jezak 2005-07-21 16:20:38 0000 ------- 
Yeah, yeah.  Sorry about that, I forgot to commit.  It's fixed.

------- Comment #15 From Sune Kloppenborg Jeppesen 2005-07-21 21:53:35 0000 ------- 
Back to blocker.

------- Comment #16 From Markus Rothe 2005-07-22 01:15:58 0000 ------- 
stable on ppc64

------- Comment #17 From Bryan Østergaard (RETIRED) 2005-07-22 14:11:56 0000 ------- 
Stable on alpha.

------- Comment #18 From Sune Kloppenborg Jeppesen 2005-07-23 01:05:25 0000 ------- 
This one is ready for GLSA decision.

------- Comment #19 From Tavis Ormandy (RETIRED) 2005-07-23 02:35:22 0000 ------- 
voting NO, gentoo disables modelines by default, which i assume is the only 
attack vector here.

Also, the vim documentation states that the sandbox is not guaranteed to be 
secure.

------- Comment #20 From Sune Kloppenborg Jeppesen 2005-07-23 04:15:47 0000 ------- 
Thx for the explanation Tavis. I also vote NO.  
  
Closing with NO GLSA.  
 
arm, ia64, mips, s390 please remember to mark stable.

------- Comment #21 From Hardave Riar (RETIRED) 2005-07-23 15:05:54 0000 ------- 
Stable on mips.

------- Comment #22 From Stefan Cornelius (RETIRED) 2005-07-26 05:15:09 0000 ------- 
*** Bug 100353 has been marked as a duplicate of this bug. ***

------- Comment #23 From solar 2005-07-27 20:52:56 0000 ------- 
Candidate: CAN-2005-2368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368
Reference: FULLDISC:20050725 Help poor children in Uganda
Reference:
URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035402.html
Reference: MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

vim 6.3 before 6.3.082, with modelines enabled, allows attackers to
execute arbitrary commands via shell metacharacters in the (1) glob or
(2) expand commands of a foldexpr expression for calculating fold
levels.
First Last Prev Next    No search results available      Search page      Enter new bug