Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 15 Sep 2008 21:13:32 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: [oss-list] CVE request (vim)


On Thu, 11 Sep 2008, [UTF-8] Pınar YanardaÄ^_ wrote:

> Jan Lieskovsky wrote On 09/11/2008 05:56 PM:
> > (...)
> >
> > Report: http://www.rdancer.org/vulnerablevim-K.html  [1]
> > Proposed patch: http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2
> >
>
>
> Unfortunately, this patch was incomplete and  rdancer has released
> another patch for this issue:
>
> http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/f730da13efe2dd73?hide_quotes=no#msg_9290f26f9bc11b33

It's not clear whether to merge this with CVE-2008-4101 - if the original
incomplete patch made it into some distro or public version of vim then
OK, but we generally don't distinguish between patches (CVE-wise) when
they're all part of the same bug discussion and there hasn't been a
release.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.