FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  369793
Date:      2014-10-02
Time:      01:06:43Z
Committer: bdrewery


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: bd9fc2bf-5ffe-11d9-a11a-000a95bc6fae
Description: vim -- vulnerabilities in modeline handling

Ciaran McCreesh discovered new ways in which a VIM modeline can be used to trojan a text file. The patch by Bram Moolenaar reads:

Problem: Unusual characters in an option value may cause unexpected behavior, especially for a modeline. (Ciaran McCreesh)

Solution: Don't allow setting termcap options or 'printdevice' or 'titleold' in a modeline. Don't list options for "termcap" and "all" in a modeline. Don't allow unusual characters in 'filetype', 'syntax', 'backupext', 'keymap', 'patchmode' and 'langmenu'.

Note: It is generally recommended that VIM users use set nomodeline in ~/.vimrc to avoid the possibility of trojaned text files.


Discovery 2004-12-09
Entry 2005-01-06
Modified 2005-01-13
Affected packages: vim, vim-lite, vim+ruby (versions lt 6.3.45)

CVE-2004-1138
ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.045
http://groups.yahoo.com/group/vimdev/message/38084
VuXML ID: 1ed03222-3c65-11dc-b3d3-0016179b2dd5
Description: vim -- Command Format String Vulnerability

A Secunia Advisory reports:

A format string error in the "helptags_one()" function in src/ex_cmds.c when running the "helptags" command can be exploited to execute arbitrary code via specially crafted help files.


Discovery 2007-07-27
Entry 2007-07-27
Affected packages: vim, vim-lite, vim-ruby, vim6, vim6-ruby (versions lt 7.1.39)

CVE-2007-2953
http://secunia.com/advisories/25941/