Bug#320017: Fwd: Re: Requesting CAN for vim vulnerability [was: [Full-disclosure] Help poor children in Uganda]

Martin Pitt martin.pitt at canonical.com
Tue Jul 26 19:25:24 UTC 2005


----- Forwarded message from "Steven M. Christey" <coley at linus.mitre.org> -----

Date: Tue, 26 Jul 2005 15:06:02 -0400 (EDT)
From: "Steven M. Christey" <coley at linus.mitre.org>
To: Martin Pitt <martin.pitt at canonical.com>
Cc: cve at mitre.org
Subject: Re: Requesting CAN for vim vulnerability [was: [Full-disclosure]
 Help poor children in Uganda]
X-Spam-Status: No, score=2.0 required=4.0 tests=AWL,BAYES_95 autolearn=no 
	version=3.0.3


Here you go...

======================================================
Candidate: CAN-2005-2368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368
Reference: FULLDISC:20050725 Help poor children in Uganda
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-July/035402.html
Reference: MISC:http://www.guninski.com/where_do_you_want_billg_to_go_today_5.html

vim 6.3 before 6.3.082, with modelines enabled, allows attackers to
execute arbitrary commands via shell metacharacters in the (1) glob or
(2) expand commands of a foldexpr expression for calculating fold
levels.



----- End forwarded message -----

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-vim-maintainers/attachments/20050726/55133f62/attachment.pgp


More information about the pkg-vim-maintainers mailing list