Fedora Legacy Test Update Notification: vim

Marc Deslauriers marcdeslauriers at videotron.ca
Thu Feb 17 22:13:05 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2343
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2343
2005-02-17
---------------------------------------------------------------------

Name        : vim
Versions    : rh7.3: vim-6.1-18.7x.2.3.legacy
Versions    : rh9: vim-6.1-29.3.legacy
Versions    : fc1: vim-6.2.532-1.3.legacy
Summary     : The VIM editor.
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor.  Vi was the first real screen-based editor for UNIX, and is
still very popular.  VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

---------------------------------------------------------------------
Update Information:

Updated vim packages that fix multiple vulnerabilities are now
available.

VIM (Vi IMproved) is an updated and improved version of the vi screen-
based editor.

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is
possible that a malicious user could create a file containing a
specially crafted modeline which could cause arbitrary command execution
when viewed by a victim. Please note that this issue only affects users
who have modelines and filetype plugins enabled, which is not the
default. The Common Vulnerabilities and Exposures project has assigned
the name CAN-2004-1138 to this issue.

Javier Fernández-Sanguino Peña noticed that the auxiliary scripts
"tcltags" and "vimspell.sh" created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-0069 to this issue.
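
The insecure temporary file pattern described above, shown beside its hardened form as an added example. This is not the code of tcltags or vimspell.sh, which this notice does not reproduce; the function names, file names and sandbox directory are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: predictable temp file name vs. mktemp. All names hypothetical.

# Unsafe pattern: the name is guessable (fixed prefix + PID), and ">" follows
# a symlink that another user planted at that path beforehand.
write_unsafe() {
    dir=$1; data=$2
    tmp="$dir/script.$$"                  # predictable name
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively (O_CREAT|O_EXCL) with mode 0600, so a pre-planted symlink is
# never followed and an existing file is never reused.
write_safe() {
    dir=$1; data=$2
    tmp=$(mktemp "$dir/script.XXXXXX") || return 1
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed demonstration, confined to a private sandbox directory.
# Sets after_unsafe / after_safe to the victim file's content after each run.
demo() {
    sandbox=$(mktemp -d) || return 1
    victim="$sandbox/victim.txt"
    printf 'original\n' > "$victim"
    ln -s "$victim" "$sandbox/script.$$"  # stands in for the planted link

    write_unsafe "$sandbox" "scratch data" > /dev/null
    after_unsafe=$(cat "$victim")         # overwritten through the link

    printf 'original\n' > "$victim"       # restore, then try the safe form
    safe_path=$(write_safe "$sandbox" "scratch data")
    after_safe=$(cat "$victim")           # untouched

    echo "unsafe: victim now contains '$after_unsafe'"
    echo "safe:   victim still contains '$after_safe' (temp file: $safe_path)"
    rm -rf "$sandbox"
}

demo
```
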

All users of VIM are advised to upgrade to these erratum packages, which
contain backported patches for these issues.

---------------------------------------------------------------------
Changelogs

rh73:
* Thu Jan 20 2005 Rob Myers <rob.myers at gtri.gatech.edu> 1:6.1-18.7x.2.3.legacy
- remove -b backup option for CAN-2005-0069 patch
- add BuildRequires: gettext, gpm-devel, libtermcap-devel, ncurses-devel for mach

* Thu Jan 20 2005 Pekka Savola <pekkas at netcore.fi> 1:6.1-18.7x.2.2.legacy
- fix CAN-2005-0069, from Ubuntu (#2343)

* Mon Jan 10 2005 Pekka Savola <pekkas at netcore.fi> 1:6.1-18.7x.2.1.legacy
- fix CAN-2004-1138 (#2343)

rh9:
* Thu Jan 20 2005 Rob Myers <rob.myers at gtri.gatech.edu> 1:6.1-29.3.legacy
- remove -b backup option for CAN-2005-0069 patch
- add BuildRequires: gettext, gpm-devel, libacl-devel, libtermcap-devel,
   ncurses-devel for mach

* Thu Jan 20 2005 Pekka Savola <pekkas at netcore.fi> 1:6.1-29.2.legacy
- fix CAN-2005-0069 from Ubuntu (#2343)

* Mon Jan 10 2005 Pekka Savola <pekkas at netcore.fi> 1:6.1-29.1.legacy
- fix CAN-2004-1138 (#2343)

fc1:
* Thu Jan 20 2005 Rob Myers <rob.myers at gtri.gatech.edu> 1:6.2.532-1.3.legacy
- remove -b backup option for CAN-2005-0069 patch
- add BuildRequires for mach: autoconf
- fix CAN in previous changelog entry

* Mon Jan 10 2005 Pekka Savola <pekkas at netcore.fi> 1:6.2.532-1.2.legacy
- fix CAN-2005-0069 from Ubuntu (#2343)

* Mon Jan 10 2005 Pekka Savola <pekkas at netcore.fi> 1:6.2.532-1.1.legacy
- fix CAN-2004-1138 (#2343)

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.