Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2009-01-07 08:27:51 UTC
Revision ID: james.westby@ubuntu.com-20090107082751-f6hg2eqm8aul6r6e
Tags: 1:7.1-138+1ubuntu3.1

* SECURITY UPDATE: arbitrary command execution via vim scripts
  - patches/910_SECURITY_CVE-2008-2712.diff: Cherry-picked fixes from
    Debian's Lenny vim svn and backported NetrwDelete() from netrw v132 so
    we pass the netrw.v4 vulnerability test from www.rdancer.org
  - CVE-2008-2712
* SECURITY UPDATE: user-assisted arbitrary command execution from "K" in
  Visual mode
  - patches/911_SECURITY_CVE-2008-4104.diff:
    - Upstream patch 7.2.010
    - src/normal.c: NUL-terminate the identifier string
    - src/normal.c: Only use the word under the cursor, instead of the entire
      line after the cursor, when constructing the shell command to run.
  - CVE-2008-4101