| Field | Value |
|---|---|
| Summary | app-editors/vim(-core?): format string vulnerability (CVE-2007-2953) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Stefan Cornelius (RETIRED) <dercorny> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | High |
| CC | a.hurst, bernd, hawking, jesse, nelchael |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Whiteboard | B3 [noglsa] |
| Runtime testing required | --- |

Description
Stefan Cornelius (RETIRED)
2007-07-17 17:22:00 UTC
Created attachment 125263
050_all_vim-7.1-format_str-fix.patch
Hi, all vim and gvim versions in the tree are affected by this. The versions that will need revbumping are 7.1.028, 7.0.235, 7.0.174 and 6.4. The other three versions - 7.1, 7.1-r1, 7.1.002 - can be removed from the tree as their keywords are shadowed by 7.1.028.
The attached patch will go into the new versions of gentoo patches and ebuilds will be modified to use it instead of the old ones. I'm not attaching any ebuilds because the change is very trivial.
The patch contains another fix for the append_redir function in the same file which can be exploited in a similar way by crafting opt or fname. I guess this should be reported too.
I'm a new dev and very new in the vim herd so I'll appreciate any help and/or comments to my solution and patch ;)
Comment on attachment 125263
050_all_vim-7.1-format_str-fix.patch
This is fixed with 7.1.039. I'm bumping vim, gvim and vim-core now.
*** Bug 186877 has been marked as a duplicate of this bug. ***

vim-7.1.042 fixes this one and needs to go stable along with vim-core-7.1.042 and gvim-7.1.042.

hey, arches please test vim-7.1.042, vim-core-7.1.042 and finally gvim-7.1.042 and mark as stable if it fits nicely into the rest, thanks.

for the log: opening bug since it's public.

amd64 stable

x86 Stable

sure CONFIDENTIAL in topic is still accurate? ;)

All stable on sparc.

Stable for HPPA.

*** Bug 187299 has been marked as a duplicate of this bug. ***

(In reply to comment #7)
> x86 Stable

Nope, you need to do gvim as well.

*** Bug 187313 has been marked as a duplicate of this bug. ***

x86 stable finally

alpha/ia64 stable

Looks like ranger stabled this for ppc ...

ranger did ppc64, too.

ready for glsa decision. I vote YES.

I tend to vote no - this is a pretty obscure functionality and unlikely to be used on untrusted data.

I vote NO.

since I don't know vim very much (cause basically I'm an emacs user :) and wrt aetius comment, finally changing my vote to NO and closing.