-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2009-01-06 14:56:09 UTC
-
Revision ID:
james.westby@ubuntu.com-20090106145609-8si8hpj7tnpd7wwv
Tags: 1:7.1.314-3ubuntu3.1
* SECURITY UPDATE: arbitrary command execution via vim scripts
- Cherry-picked fixes from Debian's Lenny vim svn.
- http://git.debian.org/?p=pkg-vim/vim.git;a=shortlog;h=refs/heads/maint/lenny
- runtime/autoload/netrw.vim: Backported NetrwDelete() from netrw v132 so
we pass the netrw.v4 vulnerability test from www.rdancer.org
- CVE-2008-2712
* SECURITY UPDATE: user-assisted arbitrary command execution from "K" in
Visual mode
- Upstream patch 7.2.010
- src/normal.c: NUL-terminate the identifier string
- src/normal.c: Only use the word under the cursor, instead of the entire
line after the cursor, when constructing the shell command to run.
- http://git.debian.org/?p=pkg-vim/vim.git;a=commit;h=cb279e0979a103089695c21564ccc5bf8de5f558
- http://git.debian.org/?p=pkg-vim/vim.git;a=commit;h=706c71e15525a8939ede60c827f4131007f0c81e
- http://git.debian.org/?p=pkg-vim/vim.git;a=commit;h=805d0695937ec8c634a3d07393df2e7e565370b4
- CVE-2008-4101