Fedora Legacy Test Update Notification: vim

Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> · Thu, 17 Feb 2005 17:13:05 -0500

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2343
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2343
2005-02-17
---------------------------------------------------------------------

Name        : vim
Versions    : rh7.3: vim-6.1-18.7x.2.3.legacy
Versions    : rh9: vim-6.1-29.3.legacy
Versions    : fc1: vim-6.2.532-1.3.legacy
Summary     : The VIM editor.
Description :
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor.  Vi was the first real screen-based editor for UNIX, and is
still very popular.  VIM improves on vi by adding new features:
multiple windows, multi-level undo, block highlighting and more.

---------------------------------------------------------------------
Update Information:

Updated vim packages that fix multiple vulnerabilities are now
available.

VIM (Vi IMproved) is an updated and improved version of the vi screen-
based editor.

Ciaran McCreesh discovered a modeline vulnerability in VIM. It is
possible that a malicious user could create a file containing a
specially crafted modeline which could cause arbitrary command execution
when viewed by a victim. Please note that this issue only affects users
who have modelines and filetype plugins enabled, which is not the
default. The Common Vulnerabilities and Exposures project has assigned
the name CAN-2004-1138 to this issue.

Javier Fernández-Sanguino Peña noticed that the auxillary scripts
"tcltags" and "vimspell.sh" created temporary files in an insecure
manner. This could allow a symbolic link attack to create or overwrite
arbitrary files with the privileges of the user invoking the script. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2005-0069 to this issue.

All users of VIM are advised to upgrade to these erratum packages, which
contain backported patches for these issues.

---------------------------------------------------------------------
Changelogs

rh73:

* Thu Jan 20 2005 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 
1:6.1-18.7x.2.3.legacy

- remove -b backup option for CAN-2005-0069 patch

- add BuildRequires: gettext, gpm-devel, libtermcap-devel, ncurses-devel 
for mach

* Thu Jan 20 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1:6.1-18.7x.2.2.legacy
- fix CAN-2005-0069, from Ubuntu (#2343)

* Mon Jan 10 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1:6.1-18.7x.2.1.legacy
- fix CAN-2004-1138 (#2343)

rh9:
* Thu Jan 20 2005 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1:6.1-29.3.legacy
- remove -b backup option for CAN-2005-0069 patch
- add BuildRequires: gettext, gpm-devel, libacl-devel, libtermcap-devel,
  ncurses-devel for mach

* Thu Jan 20 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1:6.1-29.2.legacy
- fix CAN-2005-0069 from Ubuntu (#2343)

* Mon Jan 10 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1:6.1-29.1.legacy
- fix CAN-2004-1138 (#2343)

fc1:
* Thu Jan 20 2005 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1:6.2.532-1.3.legacy
- remove -b backup option for CAN-2005-0069 patch
- add BuildRequires for mach: autoconf
- fix CAN in previous changelog entry

* Mon Jan 10 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1:6.2.532-1.2.legacy
- fix CAN-2005-0069 from Ubuntu (#2343)

* Mon Jan 10 2005 Pekka Savola <pekkas@xxxxxxxxxx> 1:6.2.532-1.1.legacy
- fix CAN-2004-1138 (#2343)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh7.3:

06e66495cc5204b04791af26d8f907a04230f23e 
redhat/7.3/updates-testing/i386/vim-common-6.1-18.7x.2.3.legacy.i386.rpm

c04107fabe009eb3de20c6835a5dbdbbe65f0683 
redhat/7.3/updates-testing/i386/vim-enhanced-6.1-18.7x.2.3.legacy.i386.rpm

216fa044df92639f713b646af18a60dfc5c64b9e 
redhat/7.3/updates-testing/i386/vim-minimal-6.1-18.7x.2.3.legacy.i386.rpm

9d392b1080667ab00958382c85aeaaac8dcc998b 
redhat/7.3/updates-testing/i386/vim-X11-6.1-18.7x.2.3.legacy.i386.rpm

6619cf7606ef880604c02d794f379d5bfad274d0 
redhat/7.3/updates-testing/SRPMS/vim-6.1-18.7x.2.3.legacy.src.rpm

rh9:

3beeb08ce9c22babf5f24e6441b38789fedbebe3 
redhat/9/updates-testing/i386/vim-common-6.1-29.3.legacy.i386.rpm

f8e91400360d150e31ac789582aed420711b2ce6 
redhat/9/updates-testing/i386/vim-enhanced-6.1-29.3.legacy.i386.rpm

876055e7796964cbf738a0c400d8e6aa2fbb8aa5 
redhat/9/updates-testing/i386/vim-minimal-6.1-29.3.legacy.i386.rpm

75bd07034c2c09c932ea62aea6dc44cf54e429b1 
redhat/9/updates-testing/i386/vim-X11-6.1-29.3.legacy.i386.rpm

b9a8e25c2910eb2d14a524750799351307f310f0 
redhat/9/updates-testing/SRPMS/vim-6.1-29.3.legacy.src.rpm

fc1:

e770d44e4b1d8da203d60adaf1974123deefc1fb 
fedora/1/updates-testing/i386/vim-common-6.2.532-1.3.legacy.i386.rpm

39f3cb5e4060acb72db1b4ca26d213d2e9be21cd 
fedora/1/updates-testing/i386/vim-enhanced-6.2.532-1.3.legacy.i386.rpm

e2a394b9d036365671464985009e7fc7ae40bec4 
fedora/1/updates-testing/i386/vim-minimal-6.2.532-1.3.legacy.i386.rpm

9b2121dc0fd781f613fc7440483f94c9ff099aad 
fedora/1/updates-testing/i386/vim-X11-6.2.532-1.3.legacy.i386.rpm

e63c2df5b9c58c83e555e68eff9c38947481f8ac 
fedora/1/updates-testing/SRPMS/vim-6.2.532-1.3.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
Attachment:
signature.asc

Description: OpenPGP digital signature
--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list