There is CVE-2008-3432 that addresses the heap-based buffer overflow in vim 6.2 and 6.3. While these are rather dated, someone might still be using them. Fix: The following VuXML entry should be evaluated and added: How-To-Repeat: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432 http://www.openwall.com/lists/oss-security/2008/07/15/4
Responsible Changed From-To: freebsd-ports-bugs->obrien Over to maintainer (via the GNATS Auto Assign Tool)
Responsible Changed From-To: obrien->freebsd-ports-bugs Actually this is about vim6, which obrien no longer maintains.
Responsible Changed From-To: freebsd-ports-bugs->shaun Grab.
State Changed From-To: open->closed Vulnerability documented; I have also scheduled this port for termination, since it is now rather ancient and superceded by vim 7.
shaun 2010-09-09 03:13:09 UTC FreeBSD ports repository Modified files: editors/vim6 Makefile security/vuxml vuln.xml Log: Belatedly (and perhaps pointlessly) document [1]: vim6 -- heap-based overflow while parsing shell metacharacters While here, prepare this old port for termination with DEPRECATED. PR: ports/129300 [1] Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> [1] Revision Changes Path 1.155 +4 -1 ports/editors/vim6/Makefile 1.2219 +31 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"