Bug 129300 - [vuxml] editors/vim6: document CVE-2008-3432
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Shaun Amott
Reported: 2008-11-30 16:40 UTC by Eygene Ryabinkin
Modified: 2010-09-09 04:20 UTC

Attachments
vuln.xml (1.01 KB, text/plain)
2008-11-30 16:40 UTC, Eygene Ryabinkin

Description Eygene Ryabinkin 2008-11-30 16:40:01 UTC
There is CVE-2008-3432 that addresses the heap-based buffer overflow in
vim 6.2 and 6.3.  While these are rather dated, someone might still be
using them.

Fix: The following VuXML entry should be evaluated and added:
How-To-Repeat: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432
http://www.openwall.com/lists/oss-security/2008/07/15/4
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-11-30 16:40:11 UTC
Responsible Changed
From-To: freebsd-ports-bugs->obrien

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2010-08-23 03:12:20 UTC
Responsible Changed
From-To: obrien->freebsd-ports-bugs

Actually this is about vim6, which obrien no longer maintains.
Comment 3 Shaun Amott freebsd_committer freebsd_triage 2010-09-09 03:27:25 UTC
Responsible Changed
From-To: freebsd-ports-bugs->shaun

Grab.
Comment 4 Shaun Amott freebsd_committer freebsd_triage 2010-09-09 03:27:51 UTC
State Changed
From-To: open->closed

Vulnerability documented; I have also scheduled this port for
termination, since it is now rather ancient and superseded by vim 7.
Comment 5 dfilter service freebsd_committer freebsd_triage 2010-09-09 04:13:18 UTC
shaun       2010-09-09 03:13:09 UTC

  FreeBSD ports repository

  Modified files:
    editors/vim6         Makefile 
    security/vuxml       vuln.xml 
  Log:
  Belatedly (and perhaps pointlessly) document [1]:
  
    vim6 -- heap-based overflow while parsing shell metacharacters
  
  While here, prepare this old port for termination with DEPRECATED.
  
  PR:             ports/129300 [1]
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> [1]
  
  Revision  Changes    Path
  1.155     +4 -1      ports/editors/vim6/Makefile
  1.2219    +31 -1     ports/security/vuxml/vuln.xml