Your message dated Wed, 19 Jan 2005 02:17:20 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#289560: fixed in vim 1:6.3-058+1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Jan 2005 21:48:15 +0000
>From [EMAIL PROTECTED] Tue Jan 18 13:48:14 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cr1Cw-0008RO-00; Tue, 18 Jan 2005 13:48:14 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 1837017E9E
for <[EMAIL PROTECTED]>; Tue, 18 Jan 2005 21:48:13 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 4F33C6F23C; Tue, 18 Jan 2005 16:50:17 -0500 (EST)
Date: Tue, 18 Jan 2005 16:50:17 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: vim: temporary file vulnerabilities (CAN-2005-0069)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="XF85m9dhOBO43t/C"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--XF85m9dhOBO43t/C
Content-Type: multipart/mixed; boundary="CE+1k2dSO48ffgeK"
Content-Disposition: inline
--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: vim
Version: 1:6.3-054+1
Severity: grave
Tags: patch security
As described in the Ubuntu advisory below, vim's tcltags and vimspell
scripts use temp files insecurely. I've attached a patch I extraced from
the Ubuntu diff.
----- Forwarded message from Martin Pitt <[EMAIL PROTECTED]> -----
=46rom: Martin Pitt <[EMAIL PROTECTED]>
Date: Tue, 18 Jan 2005 17:56:58 +0100
To: [EMAIL PROTECTED]
Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
Subject: [USN-61-1] vim vulnerabilities
User-Agent: Mutt/1.5.6+20040907i
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-61-1 January 18, 2005
vim vulnerabilities
CAN-2005-0069
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
kvim
vim
vim-gnome
vim-gtk
vim-lesstif
vim-perl
vim-python
vim-tcl
The problem can be corrected by upgrading the affected package to
version 1:6.3-025+1ubuntu2.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Javier Fern=E1ndez-Sanguino Pe=F1a noticed that the auxillary scripts
"tcltags" and "vimspell.sh" created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script
(either by calling it directly or by execution through vim).
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.=
2.diff.gz
Size/MD5: 425421 ee7e4653fb70fd45329bf5773e610ad6
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.=
2.dsc
Size/MD5: 1122 9bd9428dd29c8aa562f4b97566b9a05a
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3.orig.tar.gz
Size/MD5: 5624622 de1c964ceedbc13538da87d2d73fd117
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-common_6.3-025+1u=
buntu2.2_all.deb
Size/MD5: 3421084 8dc7b200376add6ccb2896e2f6e80e0d
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-doc_6.3-025+1ubun=
tu2.2_all.deb
Size/MD5: 1646686 2c2716a1dad40612baaaf28ebc0de3a6
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubu=
ntu2.2_amd64.deb
Size/MD5: 2586 1e0b1528b70e54e2bcff3a02acaacbc5
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ub=
untu2.2_amd64.deb
Size/MD5: 805722 51093d7843d5fb20ece35d2f53eadb0d
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1=
ubuntu2.2_amd64.deb
Size/MD5: 802452 d4fd55aca188063434361f5674805dec
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-0=
25+1ubuntu2.2_amd64.deb
Size/MD5: 784100 1d477c5f09466e8942d0f7da3c221afd
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+=
1ubuntu2.2_amd64.deb
Size/MD5: 809126 646c31a0d612b398943b4c2a42c9b6f9
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-02=
5+1ubuntu2.2_amd64.deb
Size/MD5: 802470 ede70bb09d39b7571fae1192900b0385
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1=
ubuntu2.2_amd64.deb
Size/MD5: 801160 aa65781693eca8d06230bc5f8ee29463
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.=
2_amd64.deb
Size/MD5: 765120 b5425b1b087b9528e7e4a9ef25493299
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubu=
ntu2.2_i386.deb
Size/MD5: 2590 edbd9dc0be6acaea44ee02e09c6e5c3e
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ub=
untu2.2_i386.deb
Size/MD5: 702656 7a12cb5196a1257eae527f5b231d763d
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1=
ubuntu2.2_i386.deb
Size/MD5: 700006 486ea88f3d0a2c4eb1804c09bca8418b
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-0=
25+1ubuntu2.2_i386.deb
Size/MD5: 682462 61c39ffed3017081974a3af522b61959
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+=
1ubuntu2.2_i386.deb
Size/MD5: 707674 05989ac6496d7a1db524b68bd1acd313
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-02=
5+1ubuntu2.2_i386.deb
Size/MD5: 700022 09e7ebbe082c99520d11fa33277cc212
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1=
ubuntu2.2_i386.deb
Size/MD5: 699634 673329baa7cd9aca70cca9f87943a628
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.=
2_i386.deb
Size/MD5: 680130 305b1d85bbdb52dd9869a21664049be3
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/kvim_6.3-025+1ubu=
ntu2.2_powerpc.deb
Size/MD5: 2586 f56083ef36048c9b94c41a37c35633dc
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim-gnome_6.3-025+1ub=
untu2.2_powerpc.deb
Size/MD5: 787984 e38f3d9674200796e39438ece635ebf7
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-gtk_6.3-025+1=
ubuntu2.2_powerpc.deb
Size/MD5: 785338 bdb6dd908d78a1172a431b4dbbea97f5
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-lesstif_6.3-0=
25+1ubuntu2.2_powerpc.deb
Size/MD5: 769822 b4dc7592d9a49fa63488ff35b7f9b97d
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-perl_6.3-025+=
1ubuntu2.2_powerpc.deb
Size/MD5: 792362 76ae3cbe76e78757cd82b08b8ebe2aa8
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-python_6.3-02=
5+1ubuntu2.2_powerpc.deb
Size/MD5: 785354 c4e418a1fba8015c2416b662a77a257f
http://security.ubuntu.com/ubuntu/pool/universe/v/vim/vim-tcl_6.3-025+1=
ubuntu2.2_powerpc.deb
Size/MD5: 784868 c9f9251376c1cb48552fd8012acbec7c
http://security.ubuntu.com/ubuntu/pool/main/v/vim/vim_6.3-025+1ubuntu2.=
2_powerpc.deb
Size/MD5: 754620 c69a3dc15fddab0bad774759dd3ea6ae
----- End forwarded message -----
--=20
see shy jo
--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="vim.tmpfile"
Content-Transfer-Encoding: quoted-printable
diff -urN vim63/runtime/tools/tcltags vim63.new/runtime/tools/tcltags
--- vim63/runtime/tools/tcltags 1999-08-01 14:01:46.000000000 +0200
+++ vim63.new/runtime/tools/tcltags 2005-01-18 16:25:24.452393560 +0100
@@ -8,7 +8,8 @@
program_version=3D"0.3"
program_author=3D"Darren Hiebert"
author_email=3D"[EMAIL PROTECTED]"
-tmp_tagfile=3D/tmp/${program_name}.$$
+tmp_tagfile=3D`mktemp -t tcltagXXXXXX` || exit 1
+trap "rm -rf $tmp_tagfile" 0 1 2 3 9 11 13 15
=20
usage=3D"\
Usage: $program_name [-au] [-{f|o} tagfile] [--format=3Dn] file(s)
diff -urN vim63/runtime/tools/vimspell.sh vim63.new/runtime/tools/vimspell.=
sh
--- vim63/runtime/tools/vimspell.sh 1999-08-01 14:01:46.000000000 +0200
+++ vim63.new/runtime/tools/vimspell.sh 2005-01-18 16:20:40.774519152 +0100
@@ -13,9 +13,7 @@
# March 1999
=20
INFILE=3D$1
-OUTFILE=3D/tmp/vimspell.$$
-# if you have "tempfile", use the following line
-#OUTFILE=3D`tempfile`
+OUTFILE=3D`mktemp -t vimspellXXXXXX` || exit 1
=20
#
# local spellings
--CE+1k2dSO48ffgeK--
--XF85m9dhOBO43t/C
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB7YSXd8HHehbQuO8RAkcwAJwKqEvPHJIcA35dIGiAPHBzzjEGuwCfYPZ+
U6tUcStJTCtIfROCYYq/Jwg=
=PeGK
-----END PGP SIGNATURE-----
--XF85m9dhOBO43t/C--
---------------------------------------
Received: (at 289560-close) by bugs.debian.org; 19 Jan 2005 07:25:31 +0000
>From [EMAIL PROTECTED] Tue Jan 18 23:25:31 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CrADb-0000gs-00; Tue, 18 Jan 2005 23:25:31 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1CrA5g-0005d8-00; Wed, 19 Jan 2005 02:17:20 -0500
From: Norbert Tretkowski <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#289560: fixed in vim 1:6.3-058+1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 19 Jan 2005 02:17:20 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: vim
Source-Version: 1:6.3-058+1
We believe that the bug you reported is fixed in the latest version of
vim, which is due to be installed in the Debian FTP archive:
kvim-perl_6.3-058+1_alpha.deb
to pool/main/v/vim/kvim-perl_6.3-058+1_alpha.deb
kvim-python_6.3-058+1_alpha.deb
to pool/main/v/vim/kvim-python_6.3-058+1_alpha.deb
kvim-ruby_6.3-058+1_alpha.deb
to pool/main/v/vim/kvim-ruby_6.3-058+1_alpha.deb
kvim-tcl_6.3-058+1_alpha.deb
to pool/main/v/vim/kvim-tcl_6.3-058+1_alpha.deb
kvim_6.3-058+1_alpha.deb
to pool/main/v/vim/kvim_6.3-058+1_alpha.deb
vim-common_6.3-058+1_all.deb
to pool/main/v/vim/vim-common_6.3-058+1_all.deb
vim-doc_6.3-058+1_all.deb
to pool/main/v/vim/vim-doc_6.3-058+1_all.deb
vim-gnome_6.3-058+1_alpha.deb
to pool/main/v/vim/vim-gnome_6.3-058+1_alpha.deb
vim-gtk_6.3-058+1_alpha.deb
to pool/main/v/vim/vim-gtk_6.3-058+1_alpha.deb
vim-lesstif_6.3-058+1_alpha.deb
to pool/main/v/vim/vim-lesstif_6.3-058+1_alpha.deb
vim-perl_6.3-058+1_alpha.deb
to pool/main/v/vim/vim-perl_6.3-058+1_alpha.deb
vim-python_6.3-058+1_alpha.deb
to pool/main/v/vim/vim-python_6.3-058+1_alpha.deb
vim-ruby_6.3-058+1_alpha.deb
to pool/main/v/vim/vim-ruby_6.3-058+1_alpha.deb
vim-tcl_6.3-058+1_alpha.deb
to pool/main/v/vim/vim-tcl_6.3-058+1_alpha.deb
vim_6.3-058+1.diff.gz
to pool/main/v/vim/vim_6.3-058+1.diff.gz
vim_6.3-058+1.dsc
to pool/main/v/vim/vim_6.3-058+1.dsc
vim_6.3-058+1_alpha.deb
to pool/main/v/vim/vim_6.3-058+1_alpha.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Norbert Tretkowski <[EMAIL PROTECTED]> (supplier of updated vim package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 18 Jan 2005 20:12:25 +0100
Source: vim
Binary: vim-lesstif vim-common vim-doc vim-gnome kvim-ruby vim vim-gtk
kvim-perl vim-perl kvim-tcl vim-tiny vim-ruby vim-python vim-tcl kvim-python
kvim
Architecture: source alpha all
Version: 1:6.3-058+1
Distribution: unstable
Urgency: high
Maintainer: Norbert Tretkowski <[EMAIL PROTECTED]>
Changed-By: Norbert Tretkowski <[EMAIL PROTECTED]>
Description:
kvim - Vi IMproved - KDE 3.x version
kvim-perl - Vi IMproved - KDE 3.x version with Perl scripting support
kvim-python - Vi IMproved - KDE 3.x version with Python scripting support
kvim-ruby - Vi IMproved - KDE 3.x version with Ruby scripting support
kvim-tcl - Vi IMproved - KDE 3.x version with TCL scripting support
vim - Vi IMproved - enhanced vi editor
vim-common - Vi IMproved - Common files
vim-doc - Vi IMproved - Documentation files
vim-gnome - Vi IMproved - GNOME2 Version
vim-gtk - Vi IMproved - GTK2 Version
vim-lesstif - Vi IMproved - LessTif Version
vim-perl - Vi IMproved, with perl scripting support
vim-python - Vi IMproved, with python scripting support
vim-ruby - Vi IMproved, with ruby scripting support
vim-tcl - Vi IMproved, with tcl scripting support
Closes: 289560
Changes:
vim (1:6.3-058+1) unstable; urgency=high
.
* new upstream patches (055 to 058), see README.gz for details
* added a new patch (stolen from Ubuntu) which modifies vimspell.sh and
tcltags.sh so they use mktemp instead of insecure $$ construction to
create temporary files (CAN-2005-0069) (closes: #289560)
Files:
40905ece508f1000b53e1cb0b1a0b679 1114 editors optional vim_6.3-058+1.dsc
2a764ada0d4dd2892216d998ee424257 459960 editors optional vim_6.3-058+1.diff.gz
3be4f39ae87c85af51774b43842f852a 1599902 editors optional
vim-doc_6.3-058+1_all.deb
aa8f4256bcea255a870d42f41095f54f 3422002 editors extra
vim-common_6.3-058+1_all.deb
f98fcfb0ac9f26668d2b9c50c8b8b431 899984 editors optional
vim_6.3-058+1_alpha.deb
57c868841b4003df54d6f987c4bbdac4 1071112 editors extra
kvim-perl_6.3-058+1_alpha.deb
05337f051d46820de859772559c78139 958048 editors extra
vim-perl_6.3-058+1_alpha.deb
de1bd16ca6ec536da4957e12101a2970 1065922 editors extra
kvim-python_6.3-058+1_alpha.deb
104772252250acd9e35eb16e1b46e395 952474 editors extra
vim-python_6.3-058+1_alpha.deb
f035d0ca05939a17677acfa333e48fb4 1059382 editors extra
kvim-ruby_6.3-058+1_alpha.deb
f4d69d869fda4e6fd655b9d4229fd792 947204 editors extra
vim-ruby_6.3-058+1_alpha.deb
7ab3e529cbd43991d48c8dda291116a8 1023598 editors extra
kvim-tcl_6.3-058+1_alpha.deb
5dc0fafa0034556186a396c14a99274a 952276 editors extra
vim-tcl_6.3-058+1_alpha.deb
bc9d36d4e37c120fa30b37ef5f6a66ba 941254 editors extra
vim-gtk_6.3-058+1_alpha.deb
f32726f0b47e5c361b2aa21f16f2e118 881260 editors extra
vim-lesstif_6.3-058+1_alpha.deb
d0c6f0b0576fc1861f5f8cc92e63bd19 944624 editors extra
vim-gnome_6.3-058+1_alpha.deb
c6c1d71c24df7a1aeea026905a3e09d5 1013734 editors extra kvim_6.3-058+1_alpha.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB7gZvr/RnCw96jQERAhWYAJ9UkUmPjUQDlvNVCfJSKDP03U7JxQCgoqhG
mJk6cJVq2LlVKW2RgSZ/NrM=
=djsk
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
