[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] [oss-list] CVE request (vim)
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2008-09-16 1:13:32
Message-ID: Pine.GSO.4.51.0809152111340.6953 () faron ! mitre ! org
[Download RAW message or body]


On Thu, 11 Sep 2008, [UTF-8] Pınar YanardaÄ^_ wrote:

> Jan Lieskovsky wrote On 09/11/2008 05:56 PM:
> > (...)
> > 
> > Report: http://www.rdancer.org/vulnerablevim-K.html  [1]
> > Proposed patch: http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
> >  
> 
> 
> Unfortunately, this patch was incomplete and  rdancer has released
> another patch for this issue:
> 
> http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/f730da13efe2dd73?hide_quotes=no#msg_9290f26f9bc11b33
> 

It's not clear whether to merge this with CVE-2008-4101 - if the original
incomplete patch made it into some distro or public version of vim then
OK, but we generally don't distinguish between patches (CVE-wise) when
they're all part of the same bug discussion and there hasn't been a
release.

- Steve


[prev in list] [next in list] [prev in thread] [next in thread]