new vim advisory

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1841 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Joey Hess <joeyh@debian.org> 2005-09-07 16:56:57 +0000
committer: Joey Hess <joeyh@debian.org> 2005-09-07 16:56:57 +0000
commit: 72b2ae9675950803edddb5a34e86d033aedf7c58 (patch)
tree: 5a3cbb66f2328106ce917eb1e74d593b0993a318 /data/DTSA/advs
parent: fa8d0dc1dbe5f731f77444b17f7eb95a7c277415 (diff)
2 files changed, 15 insertions, 1 deletions
diff --git a/data/DTSA/advs/0-hotzenplotz.adv b/data/DTSA/advs/0-hotzenplotz.adv
index a821992d91..bd0b862d41 100644
--- a/data/DTSA/advs/0-hotzenplotz.adv
+++ b/data/DTSA/advs/0-hotzenplotz.adv
@@ -1,6 +1,6 @@
 dtsa: DTSA-0-1
 source: hotzenplotz
-date: 2005-11-12
+date: September 7th, 2005
 author: Wachtmeister Dimpfelmoser
 vuln-type: buffer overflows
 problem-scope: remote
diff --git a/data/DTSA/advs/12-vim.adv b/data/DTSA/advs/12-vim.adv
new file mode 100644
index 0000000000..242da6ec38
--- /dev/null
+++ b/data/DTSA/advs/12-vim.adv
@@ -0,0 +1,14 @@
+dtsa: DTSA-11-1
+source: vim
+date: September 7th, 2005
+author: Joey Hess
+vuln-type: modeline exploits
+problem-scope: local
+debian-specifc: no
+cve: CAN-2005-2368
+testing-fix: 1:6.3-085+0.0etch1
+sid-fix: 1:6.3-085+1
+
+vim modelines allow files to execute arbitrary commands via shell
+metacharacters in the glob or expand commands of a foldexpr expression
+for calculating fold levels.
author	Joey Hess <joeyh@debian.org>	2005-09-07 16:56:57 +0000
committer	Joey Hess <joeyh@debian.org>	2005-09-07 16:56:57 +0000
commit	72b2ae9675950803edddb5a34e86d033aedf7c58 (patch)
tree	5a3cbb66f2328106ce917eb1e74d593b0993a318 /data/DTSA/advs
parent	fa8d0dc1dbe5f731f77444b17f7eb95a7c277415 (diff)