1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4261-1] vim-syntastic security update

    From Moritz Muehlenhoff@1:229/2 to All on Fri Aug 3 18:40:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4261-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : vim-syntastic
    CVE ID : CVE-2018-11319

    Enrico Zini discovered a vulnerability in Syntastic, an addon
    module for the Vim editor that runs a file through external checkers
    and displays any resulting errors. Config files were looked up in the
    current working directory which could result in arbitrary
    shell code execution if a malformed source code file is opened.

    For the stable distribution (stretch), this problem has been fixed in
    version 3.7.0-1+deb9u2.

    We recommend that you upgrade your vim-syntastic packages.

    For the detailed security status of vim-syntastic please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/vim-syntastic

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltkgTUACgkQEMKTtsN8 Tja1vRAAgQUVhLQxjCaHqZT/YE25xSP8Runk8uA8n5BKTqXOuNynRvE7D2V5zd8c HxsA9Bsen5fOrzZPnZAlApZfYqIIIZRGbgKjCP50lnOGIsfYv9h/iCnJg+lkcFHl kf9059Nq2w9prWULLWw5isQfclGP2DmMvYNaI12j7ljeIR9DkTjOrP7B8LrODdwB ztt4YW5n+e+OyyUGLoB0ZNHIaL00c/6IEyAav0B/aA+WtRyiDYMkCWJscsIy0PGI sTLytImDgru+Kgm2x0AYhxFPqIrhe3GslETB6Kos0AKbeDxjLHYOxc8s/dfuFLTk NT3qhSMr+Z3f+xte9BxSbFc5KpQtY4CtoIjbSML8icp0Y1ps7mr0wd4DNc80bVJA 38qvOkieilAHPkOtr8A/QZp40pBU8yAXIv2rG4O4W0EjuMKBtVxLCQ+GA6T8+0ci ysfmsyIMEkNY0jDtFrz2zkQE8TH8bD7UVRN8aY0pwmPFg5/0c11Ayygt52akFYoX DLulDxR1GRY8XzcBXpAazU6k6S9Goyxu+mYRvG8Kz9fhEbiqrBsWuipQQU44Lx2F LQODLauHVQrqADMIeSxkmWh0cgalFMgV4Ruqf5KA9SAT6CxIyzYOhUwndrcfYi6h 4A4dln9EmEH6jf5VxCgndcaHD1nsLxVp8ho6wVDxDY/BTp6hzGs=
    =qtrn
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)