Vulnerability in vim's modeline handling

Matthew Burgess matthew at linuxfromscratch.org
Thu Aug 4 01:52:58 PDT 2005


Hi folks,

All branches of the LFS book, including the 6.1 stable release are 
affected by a vulnerability in Vim's modeline handling.  For full 
details see 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368 and 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320017.

A patch is available upstream 
(ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.082).

I'll be updating trunk and the gcc-4 branch later today.

Regards,

Matt.



More information about the lfs-security mailing list