Date: Mon, 15 Sep 2008 21:13:32 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: [oss-list] CVE request (vim) On Thu, 11 Sep 2008, [UTF-8] P─▒nar Yanarda─^_ wrote: > Jan Lieskovsky wrote On 09/11/2008 05:56 PM: > > (...) > > > > Report: http://www.rdancer.org/vulnerablevim-K.html  > > Proposed patch: http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2 > > > > > Unfortunately, this patch was incomplete and rdancer has released > another patch for this issue: > > http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/f730da13efe2dd73?hide_quotes=no#msg_9290f26f9bc11b33 It's not clear whether to merge this with CVE-2008-4101 - if the original incomplete patch made it into some distro or public version of vim then OK, but we generally don't distinguish between patches (CVE-wise) when they're all part of the same bug discussion and there hasn't been a release. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.