[Technik] [SECURITY] [DSA 1364-1] New vim packages fix several
vulnerabilities
Noèl Köthe
noel at debian.org
Mon Sep 3 17:50:28 CEST 2007
Am Samstag, den 01.09.2007, 13:30 +0200 schrieb Moritz Muehlenhoff:
> Debian Security Advisory DSA 1364-1 security at debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> September 1st, 2007 http://www.debian.org/security/faq
>
> Package : vim
> Vulnerability : several
> Problem-Type : local(remote)
> Debian-specific: no
> CVE ID : CVE-2007-2438 CVE-2007-2953
vim auf h01, h02, h03, h04, kiowa, karuk, kansa, cusa, cupa, wasco,
cree, yuma, pima und pomo aktualisiert.
> For the oldstable distribution (sarge) these problems have been fixed in
> version 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.
changelog:
vim (1:6.3-071+1sarge2) oldstable-security; urgency=high
* Fix format string vulnerability in helptags handling (CVE-2007-2953).
-- Moritz Muehlenhoff <jmm at debian.org> Sun, 25 Aug 2007 10:25:04 +0000
> For the stable distribution (etch) these problems have been fixed
> in version 7.0-122+1etch3.
changelog:
vim (1:7.0-122+1etch3) stable-security; urgency=high
* Add upstream patches 7.0.234 and 7.0.235 which fix CVE-2007-2438.
(Closes: #435401)
* Add upstream patch 7.1.039 which fixes CVE-2007-2953. (Closes: #438593)
-- James Vega <jamessan at debian.org> Fri, 17 Aug 2007 22:46:28 -0400
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20070903/35347304/attachment.pgp
More information about the Technik
mailing list