Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 11 Sep 2008 16:56:36 +0200
From: Jan Lieskovsky <>
        Jan Minář <>,
        Tomas Hoger <>, Karsten Hopp <>
Subject: [oss-list] CVE request (vim)

Hello Steve,

  found relatively old issue in Vim, which was not covered
by the CVE-2008-2712 patch. Could you please assign a new
CVE id for it:

Report:  [1]
Proposed patch:
Other references:

Affected versions: Successfully reproduced on vim-6.0-7.15 through vim-7.1.291-1.

Proof of concept: See part "4. EXPLOIT" from [1] report. The xclock
                  part is easily reproducible.

Impact: Arbitrary code execution.

Thank you in advance
Kind regards
Jan iankko Lieskovsky
RH Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ