Summary: | <app-editors/{vim,gvim}-8.0.0106: arbitrary code execution (CVE-2016-1248) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Peter Sterk <link> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | depasquale.andrea, vim |
Priority: | Normal | Flags: | kensington: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://cve.circl.lu/cve/CVE-2016-1248 | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | =app-editors/vim-core-8.0.0106 =app-editors/vim-8.0.0106 =app-editors/gvim-8.0.0106 |
Runtime testing required: | --- |
Description
Peter Sterk
2016-11-24 09:28:37 UTC
CVE-2016-1248 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1248): vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

@maintainer(s), please bump and call for stable when ready:
>=app-editors/vim-8.0.0056
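
An added example, not part of this bug report or of Vim's code: a Python audit that reports modelines whose 'filetype', 'syntax' or 'keymap' value contains unexpected characters. The allow-list (ASCII letters, digits, `.`, `-`, `_`), the function names and the sample file are assumptions made for illustration; the 5-line window matches Vim's default 'modelines' setting.

```python
import re

# Assumption: a conservative allow-list of ASCII letters, digits, '.', '-', '_'.
SAFE_VALUE = re.compile(r"[A-Za-z0-9._-]*\Z")
# Modeline introducer: vi:, vim:, Vim: or ex:, optionally version-gated (vim>800:).
MODELINE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(.*)")
# The three options named in CVE-2016-1248, long and short names; a value runs
# to the next unescaped whitespace or ':'.
ASSIGN = re.compile(
    r"(?<![A-Za-z])(filetype|ft|syntax|syn|keymap|kmp)[+^-]?=((?:\\.|[^\s:\\])*)"
)

def modeline_window(lines, count=5):
    """Yield (line_number, text) for the first and last `count` lines."""
    total = len(lines)
    for idx, text in enumerate(lines):
        if idx < count or idx >= total - count:
            yield idx + 1, text

def audit_modelines(text, count=5):
    """Return (line_number, option, value) for values outside the allow-list."""
    findings = []
    for lineno, line in modeline_window(text.splitlines(), count):
        match = MODELINE.search(line)
        if match is None:
            continue
        for option, value in ASSIGN.findall(match.group(1)):
            if not SAFE_VALUE.match(value):
                findings.append((lineno, option, value))
    return findings

# Constructed sample file (not from the bug report): 12 lines, inert values.
SAMPLE = "\n".join([
    "#!/bin/sh",
    "# vim: set ft=sh ts=4 sw=4:",   # well-formed, not reported
    "echo one", "echo two", "echo three",
    "# vim: ft=a$b",                  # line 6: outside the 5-line window
    "echo four", "echo five", "echo six", "echo seven", "echo eight",
    r"# vim: syntax=ab$cd keymap=x\ y",
])

if __name__ == "__main__":
    for lineno, option, value in audit_modelines(SAMPLE):
        print(f"line {lineno}: suspicious {option} value {value!r}")
```

The scan deliberately reads past the closing `:` of a `set` style modeline, so it may report text Vim itself would ignore.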
Adjusting severity according to A2 rating.

Arches go ahead. In particular, stabilize:
=app-editors/vim-core-8.0.0106
=app-editors/vim-8.0.0106
=app-editors/gvim-8.0.0106

amd64 stable

x86 stable

Stable on alpha.

arm stable

sparc stable

ia64 stable

ppc stable

ppc64 stable

Stable for HPPA.

New GLSA request filed.

@ Maintainer(s): Please clean up and drop <app-editors/vim-8.0.0106 and <app-editors/gvim-8.0.0106.

This issue was resolved and addressed in GLSA 201701-29 at https://security.gentoo.org/glsa/201701-29 by GLSA coordinator Aaron Bauman (b-man).

reopened for cleanup

commit e380ffe8d135faa24a151dbd8efc6777d6599b75 (HEAD -> master, origin/master, origin/HEAD)
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: Tue Jan 24 13:40:22 2017 +0900
Commit: Patrice Clement <monsieurp@gentoo.org>
CommitDate: Tue Jan 24 10:32:14 2017 +0100

    app-editors/{g,}vim: remove vulnerable versions.

    Gentoo-Bug: https://bugs.gentoo.org/600650
    Closes: https://github.com/gentoo/gentoo/pull/3615

 app-editors/gvim/Manifest | 5 -
 app-editors/gvim/gvim-7.4.2102.ebuild | 390 --------------------------------
 app-editors/gvim/gvim-7.4.769.ebuild | 414 ----------------------------------
 app-editors/gvim/gvim-8.0.0005.ebuild | 408 ---------------------------------
 app-editors/vim/Manifest | 5 -
 app-editors/vim/vim-7.4.2102.ebuild | 349 ----------------------------
 app-editors/vim/vim-7.4.769.ebuild | 384 -------------------------------
 app-editors/vim/vim-8.0.0005.ebuild | 349 ----------------------------
 8 files changed, 2304 deletions(-)
 delete mode 100644 app-editors/gvim/gvim-7.4.2102.ebuild
 delete mode 100644 app-editors/gvim/gvim-7.4.769.ebuild
 delete mode 100644 app-editors/gvim/gvim-8.0.0005.ebuild
 delete mode 100644 app-editors/vim/vim-7.4.2102.ebuild
 delete mode 100644 app-editors/vim/vim-7.4.769.ebuild
 delete mode 100644 app-editors/vim/vim-8.0.0005.ebuild