lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20041226151253.608e4587@snowdrop.home>
Date: Sun, 26 Dec 2004 15:12:53 +0000
From: Ciaran McCreesh <ciaranm@...too.org>
To: Liu Die Yu <liudieyu@...rella.name>
Cc: Sune Kloppenborg Jeppesen <jaervosz@...too.org>, bugtraq@...urityfocus.com,
        Martin Pitt <martin.pitt@...onical.com>,
        full-disclosure@...ts.netsys.com
Subject: Re: Fwd: Re: [USN-52-1] vim vulnerability

On Sun, 26 Dec 2004 09:00:28 +0100 Sune Kloppenborg Jeppesen
<jaervosz@...too.org> wrote:
| ----------  Forwarded Message  ----------
| 
| Subject: Re: [USN-52-1] vim vulnerability
| Date: Friday 24 December 2004 05:31
| From: Liu Die Yu <liudieyu@...rella.name>
| To: Martin Pitt <martin.pitt@...onical.com>
| Cc: ubuntu-security-announce@...ts.ubuntu.com, 
| full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
| 
| the credit really should go to Georgi Guninski who said:
<snip>

This is a different unrelated vulnerability which has been fixed for a
long time. The issues I found are not related to libcall*, rather they
rely upon exploiting wildcards to make vim source arbitrary files.

-- 
Ciaran McCreesh : Gentoo Developer (Vim, Fluxbox, Sparc, Mips)
Mail            : ciaranm at gentoo.org
Web             : http://dev.gentoo.org/~ciaranm


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ