Your message dated Sat, 30 Jul 2005 04:18:10 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#320017: fixed in vim 1:6.3-071+1sarge1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Tue, 26 Jul 2005 14:33:31 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: vim: Arbitrary code execution in modelines
Message-ID: <[EMAIL PROTECTED]>

Package: vim
Version: 1:6.3-078+1
Severity: grave
Tags: security

Hi!

Georgi Guninski found another modeline vuln in vim:

  http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

I already asked for a CAN number, I'll forward it when I get one.

You can get the Ubuntu debdiff from

  http://patches.ubuntu.com/patches/vim.code-modelines.diff

for fixing sarge and possibly woody. For unstable, you should probably
just upgrade to the latest upstream version.

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org


---------------------------------------
From: Norbert Tretkowski <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#320017: fixed in vim 1:6.3-071+1sarge1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 30 Jul 2005 04:18:10 -0700

Source: vim
Source-Version: 1:6.3-071+1sarge1

We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive:

vim-common_6.3-071+1sarge1_all.deb
  to pool/main/v/vim/vim-common_6.3-071+1sarge1_all.deb
vim-doc_6.3-071+1sarge1_all.deb
  to pool/main/v/vim/vim-doc_6.3-071+1sarge1_all.deb
vim-full_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-full_6.3-071+1sarge1_i386.deb
vim-gnome_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-gnome_6.3-071+1sarge1_i386.deb
vim-gtk_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-gtk_6.3-071+1sarge1_i386.deb
vim-lesstif_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-lesstif_6.3-071+1sarge1_i386.deb
vim-perl_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-perl_6.3-071+1sarge1_i386.deb
vim-python_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-python_6.3-071+1sarge1_i386.deb
vim-ruby_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-ruby_6.3-071+1sarge1_i386.deb
vim-tcl_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim-tcl_6.3-071+1sarge1_i386.deb
vim_6.3-071+1sarge1.diff.gz
  to pool/main/v/vim/vim_6.3-071+1sarge1.diff.gz
vim_6.3-071+1sarge1.dsc
  to pool/main/v/vim/vim_6.3-071+1sarge1.dsc
vim_6.3-071+1sarge1_i386.deb
  to pool/main/v/vim/vim_6.3-071+1sarge1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Norbert Tretkowski <[EMAIL PROTECTED]> (supplier of updated vim package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


Format: 1.7
Date: Sat, 30 Jul 2005 12:16:45 +0200
Source: vim
Binary: vim-full vim-lesstif vim-common vim-doc vim-gnome vim vim-gtk vim-perl vim-tiny vim-ruby vim-python vim-tcl
Architecture: source i386 all
Version: 1:6.3-071+1sarge1
Distribution: stable
Urgency: high
Maintainer: Debian VIM Maintainers <[EMAIL PROTECTED]>
Changed-By: Norbert Tretkowski <[EMAIL PROTECTED]>
Description: 
 vim        - Vi IMproved - enhanced vi editor
 vim-common - Vi IMproved - Common files
 vim-doc    - Vi IMproved - Documentation files
 vim-full   - Vi IMproved - full fledged version of the enhanced vi editor
 vim-gnome  - Vi IMproved - GNOME2 Version
 vim-gtk    - Vi IMproved - GTK2 Version
 vim-lesstif - Vi IMproved - LessTif Version
 vim-perl   - Vi IMproved, with perl scripting support
 vim-python - Vi IMproved, with python scripting support
 vim-ruby   - Vi IMproved, with ruby scripting support
 vim-tcl    - Vi IMproved, with tcl scripting support
Closes: 320017
Changes: 
 vim (1:6.3-071+1sarge1) stable; urgency=high
 .
   * New upstream patches (081 and 082), see README.gz for details.
     + 6.3.081, 6.3.082: Fix arbitrary shell commands execution by wrapping
       them in glob() or expand() function calls in modelines. (CAN-2005-2368)
       (closes: #320017)

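A defensive check for the issue described in the changelog above, added here as an example (it is not part of the original messages or of the vim or Debian packages): it scans only the lines Vim would parse as modelines and flags any that contain a glob() or expand() call. The modeline pattern is a simplified approximation of Vim's parser, and the option name "someopt" and the PLACEHOLDER argument in the sample inputs are constructed.

```python
import re

# Vim only looks for modelines in the first and last 'modelines' lines
# of a file (the default value of that option is 5).
MODELINES = 5

# Simplified approximation of Vim's modeline detection: "vi:", "vim:" or
# "ex:" at the start of a line or after whitespace. Version-qualified
# forms such as "vim700:" are not handled here.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|ex):\s*(.*)$")

# The two function calls named in the changelog for patches 6.3.081/082.
CALL_RE = re.compile(r"\b(?:glob|expand)\s*\(")


def candidate_lines(text, n=MODELINES):
    """Return (line_number, line) pairs Vim would inspect for modelines."""
    lines = text.splitlines()
    if len(lines) <= 2 * n:
        idx = list(range(len(lines)))
    else:
        idx = list(range(n)) + list(range(len(lines) - n, len(lines)))
    return [(i + 1, lines[i]) for i in idx]


def scan(text):
    """Return (line_number, modeline_body) for modelines calling glob()/expand()."""
    findings = []
    for lineno, line in candidate_lines(text):
        m = MODELINE_RE.search(line)
        if m and CALL_RE.search(m.group(1)):
            findings.append((lineno, m.group(1).strip()))
    return findings


# Constructed sample inputs (hypothetical option name, inert placeholder).
SAMPLE_FLAGGED = "#!/bin/sh\necho hello\n# vim: set someopt=expand(PLACEHOLDER) :\n"
SAMPLE_CLEAN = "/* vim: set ts=4 sw=4 et: */\nint main(void) { return 0; }\n"
# Same pattern on line 15 of 30: outside the window Vim inspects, so not reported.
_body = ["text"] * 30
_body[14] = "# vim: set someopt=glob(PLACEHOLDER) :"
SAMPLE_OUT_OF_RANGE = "\n".join(_body) + "\n"

if __name__ == "__main__":
    for name, sample in [("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN),
                         ("out-of-range", SAMPLE_OUT_OF_RANGE)]:
        print(name, scan(sample))
```

On systems that cannot be upgraded to a fixed package, putting "set nomodeline" in the vimrc turns modeline processing off entirely.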

