[VIM] Provable ACK for SPiD lang.php file include

Steven M. Christey coley at mitre.org
Mon Jul 11 17:04:13 EDT 2005

Ref: SECTRACK:1014437

(CAN-2005-2198 forthcoming)



The changelog for 1.3.1, which was updated on 2005/07/11, says "Fix
vulnerability in lang.php (For those using 1.3.0, you just have to
copy the new lang/lang.php file over)."  A look at lang.php shows that
it exits if $lang_path is set by an HTTP request.

- Steve

More information about the VIM mailing list