~ubuntu-branches/ubuntu/hardy/vim/hardy-updates

Viewing all changes in revision 36.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-01-07 08:27:51 UTC
  • Revision ID: james.westby@ubuntu.com-20090107082751-f6hg2eqm8aul6r6e
Tags: 1:7.1-138+1ubuntu3.1
* SECURITY UPDATE: arbitrary command execution via vim scripts
  - patches/910_SECURITY_CVE-2008-2712.diff: Cherry-picked fixes from
    Debian's Lenny vim svn and backported NetrwDelete() from netrw v132 so
    we pass the netrw.v4 vulnerability test from www.rdancer.org
  - CVE-2008-2712
* SECURITY UPDATE: user-assisted arbitrary command execution from "K" in
  Visual mode
  - patches/911_SECURITY_CVE-2008-4104.diff:
    - Upstream patch 7.2.010
    - src/normal.c: NUL-terminate the identifier string
    - src/normal.c: Only use the word under the cursor, instead of the entire
      line after the cursor, when constructing the shell command to run.
  - CVE-2008-4101
