← Back to branch summary

~ubuntu-branches/ubuntu/intrepid/vim/intrepid-proposed

Viewing all changes in revision 41.

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-01-06 14:56:09 UTC
  • Revision ID: james.westby@ubuntu.com-20090106145609-8si8hpj7tnpd7wwv
Tags: 1:7.1.314-3ubuntu3.1
* SECURITY UPDATE: arbitrary command execution via vim scripts
  - Cherry-picked fixes from Debian's Lenny vim svn.
  - http://git.debian.org/?p=pkg-vim/vim.git;a=shortlog;h=refs/heads/maint/lenny
  - runtime/autoload/netrw.vim: Backported NetrwDelete() from netrw v132 so
    we pass the netrw.v4 vulnerability test from www.rdancer.org
  - CVE-2008-2712
* SECURITY UPDATE: user-assisted arbitrary command execution from "K" in
  Visual mode
  - Upstream patch 7.2.010
  - src/normal.c: NUL-terminate the identifier string
  - src/normal.c: Only use the word under the cursor, instead of the entire
    line after the cursor, when constructing the shell command to run.
  - http://git.debian.org/?p=pkg-vim/vim.git;a=commit;h=cb279e0979a103089695c21564ccc5bf8de5f558
  - http://git.debian.org/?p=pkg-vim/vim.git;a=commit;h=706c71e15525a8939ede60c827f4131007f0c81e
  - http://git.debian.org/?p=pkg-vim/vim.git;a=commit;h=805d0695937ec8c634a3d07393df2e7e565370b4
  - CVE-2008-4101

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: