[Bug 240216] Re: Collection of vulnerabilities in Vim reported by rdancer

Sun Jun 1 10:00:48 UTC 2014

Launchpad has imported 16 comments from the remote bug at
https://bugs.gentoo.org/show_bug.cgi?id=227453.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2008-06-16T15:03:54+00:00 GNUtoo wrote:

Vim Shell Command Injection Vulnerabilities see the url

Reproducible: Always

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/1

------------------------------------------------------------------------
On 2008-06-20T12:37:28+00:00 Ali Polatel wrote:

I've bumped vim-core,vim and gvim to 7.1.319.
@security: I plan to remove vim-6.4. Do you want me to mask it or will you do it?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/2

------------------------------------------------------------------------
On 2008-07-06T18:59:00+00:00 Py wrote:

ali: please proceed with the mask.
Arches, please test and mark stable app-editors/vim-core-7.1.319. Target KEYWORDS: "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/4

------------------------------------------------------------------------
On 2008-07-06T20:11:28+00:00 Bluebird wrote:

Are we supposted to just stablize vim-core or vim-core,vim and gvim?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/5

------------------------------------------------------------------------
On 2008-07-06T20:17:58+00:00 Py wrote:

(In reply to comment #3)
> Are we supposted to just stablize vim-core or vim-core,vim and gvim?
> 

both of them, my mistake.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/6

------------------------------------------------------------------------
On 2008-07-06T20:21:38+00:00 Jeroen Roovers wrote:

(In reply to comment #4)
> (In reply to comment #3)
> > Are we supposted to just stablize vim-core or vim-core,vim and gvim?
> > 
> 
> both of them, my mistake.

All three of them.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/7

------------------------------------------------------------------------
On 2008-07-06T21:00:04+00:00 Cla-o wrote:

amd64/x86 stable

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/8

------------------------------------------------------------------------
On 2008-07-06T21:05:33+00:00 Cla-o wrote:

Also unCC arches.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/9

------------------------------------------------------------------------
On 2008-07-06T21:45:16+00:00 Jeroen Roovers wrote:

Stable for HPPA.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/10

------------------------------------------------------------------------
On 2008-07-06T22:38:29+00:00 Fmccor wrote:

All three stable on sparc.  I've been using [vim, gvim]-7.1.319 pretty
heavily for almost four weeks with no problems.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/11

------------------------------------------------------------------------
On 2008-07-07T02:56:22+00:00 Ranger-z wrote:

ppc and ppc64 done for all three pkgs

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/12

------------------------------------------------------------------------
On 2008-07-07T12:15:53+00:00 Raúl Porcel wrote:

alpha/ia64 stable

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/13

------------------------------------------------------------------------
On 2008-07-15T16:46:28+00:00 Keytoaster wrote:

Does this version actually fix all of the vulnerabilities? Using the
test suite from http://www.rdancer.org/vulnerablevim.html I get the
following result:

-------------------------------------------
-------- Test results below ---------------
-------------------------------------------
filetype.vim
  strong  : EXPLOIT FAILED
  weak    : EXPLOIT FAILED
zipplugin : VULNERABLE
xpm.vim
  xpm     : VULNERABLE
  xpm2    : VULNERABLE
  remote  : VULNERABLE
gzip_vim  : EXPLOIT FAILED
netrw     : VULNERABLE

Should be noted in the GLSA I guess.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/14

------------------------------------------------------------------------
On 2008-07-17T12:15:28+00:00 Keytoaster wrote:

vim team, do you know if upstream is trying to fix the remaining issues
in the near future? if yes, we will postpone this glsa until everything
is fixed.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/15

------------------------------------------------------------------------
On 2008-08-14T08:44:21+00:00 Ali Polatel wrote:

(In reply to comment #13)
> vim team, do you know if upstream is trying to fix the remaining issues in the
> near future? if yes, we will postpone this glsa until everything is fixed.
> 

{vim,gvim}-7.2 fixes this. It's in CVS.
-------------------------------------------
-------- Test results below ---------------
-------------------------------------------
Vim version 7.2
zip.vim version: 
netrw.vim version: 
-------------------------------------------
filetype.vim
  strong  : EXPLOIT FAILED
  weak    : EXPLOIT FAILED
tarplugin : EXPLOIT FAILED
tarplugin.updated: EXPLOIT FAILED
tarplugin.v2: EXPLOIT FAILED
zipplugin : EXPLOIT FAILED
zipplugin.v2: EXPLOIT FAILED
xpm.vim
  xpm     : EXPLOIT FAILED
  xpm2    : EXPLOIT FAILED
  remote  : EXPLOIT FAILED
gzip_vim  : EXPLOIT FAILED
netrw     : EXPLOIT FAILED
netrw.v2  : EXPLOIT FAILED
netrw.v3  : EXPLOIT FAILED
netrw.v4  : EXPLOIT FAILED
netrw.v5  : EXPLOIT FAILED
shellescape: EXPLOIT FAILED

Reply at: https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/16

------------------------------------------------------------------------
On 2014-05-31T18:05:24+00:00 Ackle wrote:

This issue has been fixed on Security-supported arches since Aug 15,
2008. No GLSA will be issued

Reply at:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/comments/24

** Changed in: vim (Gentoo Linux)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to vim in Ubuntu.
https://bugs.launchpad.net/bugs/240216

Title:
  Collection of vulnerabilities in Vim reported by rdancer

Status in “vim” package in Ubuntu:
  Fix Released
Status in “vim” source package in Dapper:
  Fix Released
Status in “vim” source package in Feisty:
  Won't Fix
Status in “vim” source package in Gutsy:
  Fix Released
Status in “vim” source package in Hardy:
  Fix Released
Status in “vim” package in Gentoo Linux:
  Fix Released

Bug description:
  Binary package hint: vim

  Multiples vulnerabilities exploitable from file content or file names have been reported here:
  http://www.rdancer.org/vulnerablevim.html

  Current version of Vim in Hardy is 7.1.138 which is older than the
  reported vulnerable version, so is vulnerable too.

  Upgrade to Vim 7.1.314 or above is recommended.
  See http://groups.google.com/group/vim_dev/browse_thread/thread/0a5543c9cee7c274

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vim/+bug/240216/+subscriptions