Debian Bug report logs - #320017
vim: Arbitrary code execution in modelines (CAN-2005-2368)


Package: vim; Maintainer for vim is Debian Vim Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>; Source for vim is src:vim.

Reported by: Martin Pitt <martin.pitt@canonical.com>

Date: Tue, 26 Jul 2005 12:48:02 UTC

Severity: grave

Tags: patch, sarge, security, woody

Found in version vim/1:6.3-078+1

Fixed in versions vim/1:6.3-085+1, vim/1:6.3-071+1sarge1

Done: Norbert Tretkowski <nobse@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#320017; Package vim. Full text and rfc822 format available.

Acknowledgement sent to Martin Pitt <martin.pitt@canonical.com>:
New Bug report received and forwarded. Copy sent to Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Martin Pitt <martin.pitt@canonical.com>
To: submit@bugs.debian.org
Cc: security@debian.org
Subject: vim: Arbitrary code execution in modelines
Date: Tue, 26 Jul 2005 14:33:31 +0200
Package: vim
Version: 1:6.3-078+1
Severity: grave
Tags: security

Hi!

Georgi Guninski found another modeline vuln in vim:

  http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html 

I already asked for a CAN number, I'll forward it when I get one.

You can get the Ubuntu debdiff from

  http://patches.ubuntu.com/patches/vim.code-modelines.diff

for fixing sarge and possibly woody. For unstable, you should probably
just upgrade to the latest upstream version.

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

Information forwarded to debian-bugs-dist@lists.debian.org, Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#320017; Package vim. Full text and rfc822 format available.

Acknowledgement sent to Norbert Tretkowski <norbert@tretkowski.de>:
Extra info received and forwarded to list. Copy sent to Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 320017@bugs.debian.org (full text, mbox):

From: Norbert Tretkowski <norbert@tretkowski.de>
To: Martin Pitt <martin.pitt@canonical.com>, 320017@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#320017: vim: Arbitrary code execution in modelines
Date: Tue, 26 Jul 2005 17:11:58 +0200
tags 320017 +pending
tags 320017 +patch
thanks

* Martin Pitt wrote:
> For unstable, you should probably just upgrade to the latest
> upstream version.

Thanks, I'm currently preparing an update and will upload it as soon as
possible.

Norbert



Information forwarded to debian-bugs-dist@lists.debian.org, Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#320017; Package vim. Full text and rfc822 format available.

Acknowledgement sent to Norbert Tretkowski <norbert@tretkowski.de>:
Extra info received and forwarded to list. Copy sent to Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #15 received at 320017@bugs.debian.org (full text, mbox):

From: Norbert Tretkowski <norbert@tretkowski.de>
To: Martin Pitt <martin.pitt@canonical.com>, 320017@bugs.debian.org
Subject: Re: Bug#320017: vim: Arbitrary code execution in modelines
Date: Tue, 26 Jul 2005 18:37:47 +0200
* Norbert Tretkowski wrote:
> * Martin Pitt wrote:
> > For unstable, you should probably just upgrade to the latest
> > upstream version.
> 
> Thanks, I'm currently preparing an update and will upload it as soon as
> possible.

http://people.debian.org/~nobse/upload/vim/

Upload when ftp-master is back.

Norbert



Tags added: pending Request was from Norbert Tretkowski <norbert@tretkowski.de> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: patch Request was from Norbert Tretkowski <norbert@tretkowski.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#320017; Package vim. Full text and rfc822 format available.

Acknowledgement sent to Martin Pitt <martin.pitt@canonical.com>:
Extra info received and forwarded to list. Copy sent to Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #24 received at 320017@bugs.debian.org (full text, mbox):

From: Martin Pitt <martin.pitt@canonical.com>
To: 320017@bugs.debian.org, Vendor Security <vendor-sec@lst.de>
Subject: Fwd: Re: Requesting CAN for vim vulnerability [was: [Full-disclosure] Help poor children in Uganda]
Date: Tue, 26 Jul 2005 21:25:24 +0200
----- Forwarded message from "Steven M. Christey" <coley@linus.mitre.org> -----

Date: Tue, 26 Jul 2005 15:06:02 -0400 (EDT)
From: "Steven M. Christey" <coley@linus.mitre.org>
To: Martin Pitt <martin.pitt@canonical.com>
Cc: cve@mitre.org
Subject: Re: Requesting CAN for vim vulnerability [was: [Full-disclosure]
 Help poor children in Uganda]


Here you go...

======================================================
Candidate: CAN-2005-2368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368
Reference: FULLDISC:20050725 Help poor children in Uganda
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035402.html
Reference: MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

vim 6.3 before 6.3.082, with modelines enabled, allows attackers to
execute arbitrary commands via shell metacharacters in the (1) glob or
(2) expand commands of a foldexpr expression for calculating fold
levels.



----- End forwarded message -----

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

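The CAN text above names the exact shape of the problem: a modeline that sets an expression option such as foldexpr to a glob() or expand() call whose argument carries shell metacharacters. As an added defensive example (not code from this report, from Vim or from the Debian packages), the following Python scans a file's modelines the way Vim selects them (first and last 'modelines' lines), parses both modeline syntaxes, flags expression options that call glob()/expand(), and checks whether a vimrc leaves 'modeline' on. The sample file and vimrc are constructed for the example; the scanner is a heuristic, not Vim's own parser.

```python
import re

# Vim only honours modelines in the first and last 'modelines' lines (default 5).
DEFAULT_MODELINES = 5

# The two modeline forms (see :help modeline):
#   [text]{white}{vi:|vim:|ex:}[white]{options}
#   [text]{white}{vi:|vim:|Vim:|ex:}[white]se[t] {options}:[text]
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex):\s*(?P<body>.*)$")
SET_FORM_RE = re.compile(r"^se(?:t)?\s+(?P<opts>.*?)(?<!\\):")

# Options whose value is a Vim expression evaluated for the buffer
# (formatexpr/fex only exists in Vim 7 and later).
EXPR_OPTIONS = {"foldexpr", "fde", "foldtext", "fdt", "includeexpr", "inex",
                "indentexpr", "inde", "formatexpr", "fex"}
# The two functions named in CAN-2005-2368, and the characters that let their
# argument reach the shell (backtick expansion in particular).
DANGEROUS_CALL_RE = re.compile(r"\b(?:glob|expand)\s*\(")
SHELL_META_RE = re.compile(r"[`$|;&]")


def parse_modeline(line):
    """Return the (option, value) pairs of a modeline, or [] if the line has none."""
    m = MODELINE_RE.search(line)
    if not m:
        return []
    body = m.group("body")
    sm = SET_FORM_RE.match(body)
    if sm:
        # set form: options end at the first unescaped ':', separated by whitespace
        tokens = re.split(r"(?<!\\)\s+", sm.group("opts").strip())
    else:
        # first form: options run to end of line, separated by whitespace or ':'
        tokens = re.split(r"(?<!\\)[\s:]+", body.strip())
    pairs = []
    for tok in tokens:
        if tok:
            name, _, value = tok.partition("=")
            pairs.append((name, value.replace("\\:", ":")))
    return pairs


def scan_line(lineno, line):
    """Flag expression options calling glob()/expand(): 'high' when the argument
    carries shell metacharacters, 'medium' otherwise."""
    findings = []
    for name, value in parse_modeline(line):
        if name in EXPR_OPTIONS and DANGEROUS_CALL_RE.search(value):
            severity = "high" if SHELL_META_RE.search(value) else "medium"
            findings.append({"line": lineno, "option": name,
                             "value": value, "severity": severity})
    return findings


def scan_text(text, modelines=DEFAULT_MODELINES):
    """Scan only the lines Vim itself would read as modelines."""
    lines = text.splitlines()
    n = len(lines)
    window = sorted(set(range(min(n, modelines))) | set(range(max(0, n - modelines), n)))
    findings = []
    for i in window:
        findings.extend(scan_line(i + 1, lines[i]))
    return findings


def modeline_enabled(vimrc_text, default=True):
    """Follow 'set [no]modeline' / 'set [no]ml' through a vimrc; the last one wins.
    'default' models Vim's own default (on for ordinary users)."""
    state = default
    for line in vimrc_text.splitlines():
        m = re.match(r"^\s*se(?:t)?\b.*?\b(no)?(?:modeline|ml)\b", line)
        if m:
            state = m.group(1) is None
    return state


# Constructed sample C file (not from the advisory): a benign modeline on line 1,
# a glob() modeline on line 6 that Vim never reads with the default window, and on
# the last line a modeline of the shape the CAN text describes.
SAMPLE_FILE = "\n".join(
    ["/* vim: set ts=4 sw=4 et: */", "int main(void)", "{", "    return 0;", "}",
     '/* vim: set fdm=expr fde=glob("*.h"): */']
    + ["/* padding */"] * 4
    + ['/* vim: set fdm=expr fde=glob("`uname`"): */', ""])

# Constructed vimrc: the later line wins, so modelines end up disabled.
SAMPLE_VIMRC = '" constructed for the example\nset modeline\nset ts=4 nomodeline\n'
```

Running scan_text(SAMPLE_FILE) reports only the last line as 'high'; the line-6 modeline is outside Vim's window and is reported only if modelines is raised to cover it.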
Reply sent to Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Martin Pitt <martin.pitt@canonical.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #29 received at 320017-close@bugs.debian.org (full text, mbox):

From: Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
To: 320017-close@bugs.debian.org
Subject: Bug#320017: fixed in vim 1:6.3-085+1
Date: Thu, 28 Jul 2005 06:02:13 -0700
Source: vim
Source-Version: 1:6.3-085+1

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive:

vim-common_6.3-085+1_all.deb
  to pool/main/v/vim/vim-common_6.3-085+1_all.deb
vim-doc_6.3-085+1_all.deb
  to pool/main/v/vim/vim-doc_6.3-085+1_all.deb
vim-full_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-full_6.3-085+1_i386.deb
vim-gnome_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-gnome_6.3-085+1_i386.deb
vim-gtk_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-gtk_6.3-085+1_i386.deb
vim-lesstif_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-lesstif_6.3-085+1_i386.deb
vim-perl_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-perl_6.3-085+1_i386.deb
vim-python_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-python_6.3-085+1_i386.deb
vim-ruby_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-ruby_6.3-085+1_i386.deb
vim-tcl_6.3-085+1_i386.deb
  to pool/main/v/vim/vim-tcl_6.3-085+1_i386.deb
vim_6.3-085+1.diff.gz
  to pool/main/v/vim/vim_6.3-085+1.diff.gz
vim_6.3-085+1.dsc
  to pool/main/v/vim/vim_6.3-085+1.dsc
vim_6.3-085+1_i386.deb
  to pool/main/v/vim/vim_6.3-085+1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 320017@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 28 Jul 2005 12:16:06 +0200
Source: vim
Binary: vim-full vim-lesstif vim-common vim-doc vim-gnome vim vim-gtk vim-perl vim-tiny vim-ruby vim-python vim-tcl
Architecture: source i386 all
Version: 1:6.3-085+1
Distribution: unstable
Urgency: high
Maintainer: Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
Changed-By: Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
Description: 
 vim        - Vi IMproved - enhanced vi editor
 vim-common - Vi IMproved - Common files
 vim-doc    - Vi IMproved - Documentation files
 vim-full   - Vi IMproved - full fledged version of the enhanced vi editor
 vim-gnome  - Vi IMproved - GNOME2 Version
 vim-gtk    - Vi IMproved - GTK2 Version
 vim-lesstif - Vi IMproved - LessTif Version
 vim-perl   - Vi IMproved, with perl scripting support
 vim-python - Vi IMproved, with python scripting support
 vim-ruby   - Vi IMproved, with ruby scripting support
 vim-tcl    - Vi IMproved, with tcl scripting support
Closes: 308890 311234 314309 320017
Changes: 
 vim (1:6.3-085+1) unstable; urgency=high
 .
   * New upstream patches (079 to 085), see README.gz for details.
     + 6.3.082: Fix arbitrary shell commands execution by wrapping them in
       glob() or expand() function calls in modelines. (CAN-2005-2368)
       (closes: #320017)
 .
   * James Vega <jamessan@jamessan.com>
     + Added patch 129_filetype.vim.diff, which sets the filetype to perl for
       *.plx files. (closes: #314309)
 .
   * Matthijs Mohlmann <matthijs@cacholong.nl>
     + Added patch 130_fstab.vim.diff, added bind as option. (closes: #308890)
     + Added patch 131_xxd.1.diff, fixes typo in xxd manpage. (closes: #311234)
Files: 





Information forwarded to debian-bugs-dist@lists.debian.org, Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#320017; Package vim. Full text and rfc822 format available.

Acknowledgement sent to Helge Kreutzmann <kreutzm@itp.uni-hannover.de>:
Extra info received and forwarded to list. Copy sent to Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #34 received at 320017@bugs.debian.org (full text, mbox):

From: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>
To: 320017@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Woody and Sarge still missing
Date: Thu, 28 Jul 2005 20:40:41 +0200
reopen 320017
tags 320017 + sarge, woody
thanks dude

Please close once woody and sarge are dealt with. If woody is not
vulnerable, then remember to add CAN-2005-2368 to
http://www.debian.org/security/nonvulns-woody

Greetings

             Helge
-- 
Dr. Helge Kreutzmann, Dipl.-Phys.           Helge.Kreutzmann@itp.uni-hannover.de
                       gpg signed mail preferred 
    64bit GNU powered                  http://www.itp.uni-hannover.de/~kreutzm
          Help keep free software "libre": http://www.ffii.de/



Bug reopened, originator not changed. Request was from Helge Kreutzmann <kreutzm@itp.uni-hannover.de> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: sarge, woody Request was from Helge Kreutzmann <kreutzm@itp.uni-hannover.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#320017; Package vim. Full text and rfc822 format available.

Acknowledgement sent to Norbert Tretkowski <norbert@tretkowski.de>:
Extra info received and forwarded to list. Copy sent to Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #43 received at 320017@bugs.debian.org (full text, mbox):

From: Norbert Tretkowski <norbert@tretkowski.de>
To: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>, 320017@bugs.debian.org
Subject: Re: Bug#320017: Woody and Sarge still missing
Date: Sat, 30 Jul 2005 12:04:06 +0200
* Helge Kreutzmann wrote:
> Please close once woody and sarge are dealt with.

Sorry, my fault... I forgot to reopen it.

Anyway, there will be no official update from the security team, so
I'm going to upload a fixed package to stable-proposed-updates (and
maybe oldstable-proposed-updates) which will make it into 3.1r1.

Regards, Norbert



Information forwarded to debian-bugs-dist@lists.debian.org, Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#320017; Package vim. Full text and rfc822 format available.

Acknowledgement sent to Norbert Tretkowski <norbert@tretkowski.de>:
Extra info received and forwarded to list. Copy sent to Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #48 received at 320017@bugs.debian.org (full text, mbox):

From: Norbert Tretkowski <norbert@tretkowski.de>
To: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>, 320017@bugs.debian.org
Subject: Re: Bug#320017: Woody and Sarge still missing
Date: Sat, 30 Jul 2005 12:34:38 +0200
* Norbert Tretkowski wrote:
> * Helge Kreutzmann wrote:
> > Please close once woody and sarge are dealt with.
> 
> Sorry, my fault... I forgot to reopen it.
> 
> Anyway, there will be no official update from the security team, so
> I'm going to upload a fixed package to stable-proposed-updates (and
> maybe oldstable-proposed-updates) which will make it into 3.1r1.

An upload to oldstable-proposed-updates is not possible, so we have no
chance to update the woody package, if it's really affected.

Norbert



Reply sent to Norbert Tretkowski <nobse@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Martin Pitt <martin.pitt@canonical.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #53 received at 320017-close@bugs.debian.org (full text, mbox):

From: Norbert Tretkowski <nobse@debian.org>
To: 320017-close@bugs.debian.org
Subject: Bug#320017: fixed in vim 1:6.3-071+1sarge1
Date: Sat, 30 Jul 2005 04:18:10 -0700
Source: vim
Source-Version: 1:6.3-071+1sarge1

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive:

vim-common_6.3-071+1sarge1_all.deb
  to pool/main/v/vim/vim-common_6.3-071+1sarge1_all.deb
vim-doc_6.3-071+1sarge1_all.deb
  to pool/main/v/vim/vim-doc_6.3-071+1sarge1_all.deb
vim-full_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-full_6.3-071+1sarge1_i386.deb
vim-gnome_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-gnome_6.3-071+1sarge1_i386.deb
vim-gtk_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-gtk_6.3-071+1sarge1_i386.deb
vim-lesstif_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-lesstif_6.3-071+1sarge1_i386.deb
vim-perl_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-perl_6.3-071+1sarge1_i386.deb
vim-python_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-python_6.3-071+1sarge1_i386.deb
vim-ruby_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-ruby_6.3-071+1sarge1_i386.deb
vim-tcl_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-tcl_6.3-071+1sarge1_i386.deb
vim_6.3-071+1sarge1.diff.gz
  to pool/main/v/vim/vim_6.3-071+1sarge1.diff.gz
vim_6.3-071+1sarge1.dsc
  to pool/main/v/vim/vim_6.3-071+1sarge1.dsc
vim_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim_6.3-071+1sarge1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 320017@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Tretkowski <nobse@debian.org> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 30 Jul 2005 12:16:45 +0200
Source: vim
Binary: vim-full vim-lesstif vim-common vim-doc vim-gnome vim vim-gtk vim-perl vim-tiny vim-ruby vim-python vim-tcl
Architecture: source i386 all
Version: 1:6.3-071+1sarge1
Distribution: stable
Urgency: high
Maintainer: Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
Changed-By: Norbert Tretkowski <nobse@debian.org>
Description: 
 vim        - Vi IMproved - enhanced vi editor
 vim-common - Vi IMproved - Common files
 vim-doc    - Vi IMproved - Documentation files
 vim-full   - Vi IMproved - full fledged version of the enhanced vi editor
 vim-gnome  - Vi IMproved - GNOME2 Version
 vim-gtk    - Vi IMproved - GTK2 Version
 vim-lesstif - Vi IMproved - LessTif Version
 vim-perl   - Vi IMproved, with perl scripting support
 vim-python - Vi IMproved, with python scripting support
 vim-ruby   - Vi IMproved, with ruby scripting support
 vim-tcl    - Vi IMproved, with tcl scripting support
Closes: 320017
Changes: 
 vim (1:6.3-071+1sarge1) stable; urgency=high
 .
   * New upstream patches (081 and 082), see README.gz for details.
     + 6.3.081, 6.3.082: Fix arbitrary shell commands execution by wrapping
       them in glob() or expand() function calls in modelines. (CAN-2005-2368)
       (closes: #320017)
Files: 





Information forwarded to debian-bugs-dist@lists.debian.org, Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#320017; Package vim. Full text and rfc822 format available.

Acknowledgement sent to Norbert Tretkowski <norbert@tretkowski.de>:
Extra info received and forwarded to list. Copy sent to Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #58 received at 320017@bugs.debian.org (full text, mbox):

From: Norbert Tretkowski <norbert@tretkowski.de>
To: 320017@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#320017: marked as done (vim: Arbitrary code execution in modelines)
Date: Sat, 30 Jul 2005 13:48:52 +0200
reopen 320017
thanks

* Debian Bug Tracking System wrote:
>  vim (1:6.3-071+1sarge1) stable; urgency=high
>  .
>    * New upstream patches (081 and 082), see README.gz for details.
>      + 6.3.081, 6.3.082: Fix arbitrary shell commands execution by wrapping
>        them in glob() or expand() function calls in modelines. (CAN-2005-2368)
>        (closes: #320017)

I'm going to close it when 3.1r1 is released.

Norbert



Bug reopened, originator not changed. Request was from Norbert Tretkowski <norbert@tretkowski.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>:
Bug#320017; Package vim. Full text and rfc822 format available.

Acknowledgement sent to Steve Langasek <vorlon@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #65 received at 320017@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: Norbert Tretkowski <norbert@tretkowski.de>, 320017@bugs.debian.org
Subject: Re: Bug#320017: marked as done (vim: Arbitrary code execution in modelines)
Date: Sat, 30 Jul 2005 14:08:59 -0700
On Sat, Jul 30, 2005 at 01:48:52PM +0200, Norbert Tretkowski wrote:
> reopen 320017
> thanks

> * Debian Bug Tracking System wrote:
> >  vim (1:6.3-071+1sarge1) stable; urgency=high
> >  .
> >    * New upstream patches (081 and 082), see README.gz for details.
> >      + 6.3.081, 6.3.082: Fix arbitrary shell commands execution by wrapping
> >        them in glob() or expand() function calls in modelines. (CAN-2005-2368)
> >        (closes: #320017)

> I'm going to close it when 3.1r1 is released.

Wouldn't it be better to just use the version tracking instead?

-- 
Steve Langasek
postmodern programmer

Changed Bug title. Request was from Branden Robinson <branden@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: pending Request was from Norbert Tretkowski <nobse@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 1:6.3-085+1, send any further explanations to Martin Pitt <martin.pitt@canonical.com> Request was from Filipus Klutiero <ido@vif.com> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 1:6.3-071+1sarge1, send any further explanations to Martin Pitt <martin.pitt@canonical.com> Request was from Filipus Klutiero <ido@vif.com> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Norbert Tretkowski <nobse@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Martin Pitt <martin.pitt@canonical.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #78 received at 320017-close@bugs.debian.org (full text, mbox):

From: Norbert Tretkowski <nobse@debian.org>
To: 320017-close@bugs.debian.org
Subject: Bug#320017: fixed in vim 1:6.3-071+1sarge1
Date: Fri, 16 Dec 2005 23:24:46 -0800
Source: vim
Source-Version: 1:6.3-071+1sarge1

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive:

vim-common_6.3-071+1sarge1_all.deb
  to pool/main/v/vim/vim-common_6.3-071+1sarge1_all.deb
vim-doc_6.3-071+1sarge1_all.deb
  to pool/main/v/vim/vim-doc_6.3-071+1sarge1_all.deb
vim-full_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-full_6.3-071+1sarge1_i386.deb
vim-gnome_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-gnome_6.3-071+1sarge1_i386.deb
vim-gtk_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-gtk_6.3-071+1sarge1_i386.deb
vim-lesstif_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-lesstif_6.3-071+1sarge1_i386.deb
vim-perl_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-perl_6.3-071+1sarge1_i386.deb
vim-python_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-python_6.3-071+1sarge1_i386.deb
vim-ruby_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-ruby_6.3-071+1sarge1_i386.deb
vim-tcl_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-tcl_6.3-071+1sarge1_i386.deb
vim_6.3-071+1sarge1.diff.gz
  to pool/main/v/vim/vim_6.3-071+1sarge1.diff.gz
vim_6.3-071+1sarge1.dsc
  to pool/main/v/vim/vim_6.3-071+1sarge1.dsc
vim_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim_6.3-071+1sarge1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 320017@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Tretkowski <nobse@debian.org> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 30 Jul 2005 12:16:45 +0200
Source: vim
Binary: vim-full vim-lesstif vim-common vim-doc vim-gnome vim vim-gtk vim-perl vim-tiny vim-ruby vim-python vim-tcl
Architecture: source i386 all
Version: 1:6.3-071+1sarge1
Distribution: stable
Urgency: high
Maintainer: Debian VIM Maintainers <pkg-vim-maintainers@lists.alioth.debian.org>
Changed-By: Norbert Tretkowski <nobse@debian.org>
Description: 
 vim        - Vi IMproved - enhanced vi editor
 vim-common - Vi IMproved - Common files
 vim-doc    - Vi IMproved - Documentation files
 vim-full   - Vi IMproved - full fledged version of the enhanced vi editor
 vim-gnome  - Vi IMproved - GNOME2 Version
 vim-gtk    - Vi IMproved - GTK2 Version
 vim-lesstif - Vi IMproved - LessTif Version
 vim-perl   - Vi IMproved, with perl scripting support
 vim-python - Vi IMproved, with python scripting support
 vim-ruby   - Vi IMproved, with ruby scripting support
 vim-tcl    - Vi IMproved, with tcl scripting support
Closes: 320017
Changes: 
 vim (1:6.3-071+1sarge1) stable; urgency=high
 .
   * New upstream patches (081 and 082), see README.gz for details.
     + 6.3.081, 6.3.082: Fix arbitrary shell commands execution by wrapping
       them in glob() or expand() function calls in modelines. (CAN-2005-2368)
       (closes: #320017)
Files: 





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 18:02:53 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 23:27:53 2014; Machine Name: beach.debian.org
