FS#7087 - Warning on vim

Attached to Project: Arch Linux
Opened by DaNiMoTh (DaNiMoTh) - Monday, 07 May 2007, 09:24 GMT
Last edited by Tobias Powalowski (tpowa) - Wednesday, 09 May 2007, 16:15 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Tobias Kieslich (tobias)
Architecture: All
Severity: Low
Priority: Normal
Reported Version: 0.8 Voodoo
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#28
------------------------------------------------------------

Name: vim
Date: 2007-05-07
Severity: Low
Warning #: 2007-#28

------------------------------------------------------------

Product Background
===================
A highly configurable, improved version of the vi text editor built to
enable efficient text editing


Problem Background - Impact
===================
Previous versions of the vim package allowed two functions, feedkeys() and writefile(), to be used in the sandbox. Functions executed via modelines in files being edited are verified by the sandbox; a user who is coerced into opening a specially-crafted file could cause the system to execute arbitrary shell code supplied by the attacker.

Problem Packages
===================
Package: vim
Repo: current
Group: base
Unsafe: < 7.0.235
Safe: >= 7.0.235

Package Fix
===================
Vim developers have released patches 234 and 235, which fix this issue. I'm not sure, but the latest 7.0 tarball in the /unix directory of mirrors has already included this patchset.

===================

Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html

Reference(s)
===================
https://issues.rpath.com/browse/RPL-1320

Closed by  Tobias Powalowski (tpowa)
Wednesday, 09 May 2007, 16:15 GMT
Reason for closing:  Fixed
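
Added example (not part of the original report or of Vim): a small triage scanner that flags modelines calling feedkeys() or writefile(), the two functions named in the warning above. It assumes Vim's default 'modelines' value of 5 and uses an approximate modeline pattern; the sample text and its PLACEHOLDER arguments are constructed.

```python
import re

# Assumption: Vim's default 'modelines' value, i.e. how many lines at the
# top and bottom of a file are inspected for modelines.
MODELINES = 5

# Approximation of Vim's modeline prefix (vi:, vim:, vim<N>:, ex:), not its parser.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(.*)")

# The two functions the warning says were wrongly allowed in the sandbox.
RISKY_CALLS = re.compile(r"\b(feedkeys|writefile)\s*\(")

# Constructed sample: line 2 is flagged, line 7 is outside the default
# window, line 12 is an ordinary modeline.
SAMPLE = "\n".join([
    "#!/bin/sh",
    "# vim: set fde=feedkeys(PLACEHOLDER) :",
    "echo one", "echo two", "echo three", "echo four",
    "# vim: set fde=writefile(PLACEHOLDER) :",
    "echo five", "echo six", "echo seven", "echo eight",
    "# vim: set ts=4 sw=4 et:",
])


def modeline_candidates(text, window=MODELINES):
    """Yield (line_number, line) for lines inside the modeline window."""
    lines = text.splitlines()
    total = len(lines)
    for idx, line in enumerate(lines):
        if idx < window or idx >= total - window:
            yield idx + 1, line


def scan_text(text, window=MODELINES):
    """Return [(line_number, function_name, modeline_body)] for risky modelines."""
    findings = []
    for lineno, line in modeline_candidates(text, window):
        match = MODELINE_RE.search(line)
        if not match:
            continue
        body = match.group(1).strip()
        for call in RISKY_CALLS.finditer(body):
            findings.append((lineno, call.group(1), body))
    return findings


if __name__ == "__main__":
    for lineno, func, body in scan_text(SAMPLE):
        print(f"line {lineno}: modeline calls {func}(): {body}")
```

A hit only marks a file for review before it is opened with an unpatched vim (< 7.0.235); it does not replace upgrading the package.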