[ubuntu/precise-security] vim 2:7.3.429-2ubuntu2.2 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Mon Nov 28 23:59:42 UTC 2016


vim (2:7.3.429-2ubuntu2.2) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary shell execution via modelines
    - debian/patches/upstream/CVE-2016-1248.patch: Only allow valid
      characters in 'filetype', 'syntax' and 'keymap'. Tests adapted
      back to vim 7.3 by James McCoy of Debian, thanks! Patch is also
      updated to add the tests to the set that are run during the build.
    - CVE-2016-1248

Date: 2016-11-24 00:48:13.549286+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/vim/2:7.3.429-2ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Precise-changes mailing list