Collection of vulnerabilities in Vim reported by rdancer
Bug #240216 reported by
Olivier Mengué
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vim (Gentoo Linux) |
Fix Released
|
High
|
|||
vim (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Feisty |
Won't Fix
|
Undecided
|
Jamie Strandboge | ||
Gutsy |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
Hardy |
Fix Released
|
Undecided
|
Jamie Strandboge |
Bug Description
Binary package hint: vim
Multiples vulnerabilities exploitable from file content or file names have been reported here:
http://
Current version of Vim in Hardy is 7.1.138 which is older than the reported vulnerable version, so is vulnerable too.
Upgrade to Vim 7.1.314 or above is recommended.
See http://
Related branches
Changed in vim: | |
assignee: | nobody → jdstrand |
status: | New → Confirmed |
assignee: | nobody → jdstrand |
status: | New → Confirmed |
assignee: | nobody → jdstrand |
status: | New → Confirmed |
assignee: | nobody → jdstrand |
status: | New → Confirmed |
Changed in vim: | |
status: | Unknown → In Progress |
Changed in vim (Ubuntu Dapper): | |
status: | Confirmed → Fix Released |
Changed in vim (Ubuntu Gutsy): | |
status: | Confirmed → Fix Released |
Changed in vim (Ubuntu Hardy): | |
status: | Confirmed → Fix Released |
Changed in vim (Gentoo Linux): | |
importance: | Unknown → High |
Changed in vim (Gentoo Linux): | |
status: | In Progress → Fix Released |
To post a comment you must log in.
Vim Shell Command Injection Vulnerabilities see the url
Reproducible: Always