[VIM] gnump3d stuff

security curmudgeon jericho at attrition.org
Fri Nov 18 06:32:18 EST 2005

First, traversal (CVE 2005-3123) may have extra concerns. While flagged 
BUGFIX and not SECURITY, "allow files to start with ..." stands out to 

   2.9.7 [ 28th October 2005 ]
     - BUGFIX:  The previous release was broken.
     - BUGFIX: Allow files to start with ...
   2.9.6 [ 28th October 2005 ]
     - SECURITY: Prevent path traversal. [CVE-2005-3123]

Second, two more issues that have CVE entries (but aren't open), and I 
don't recall seeing before this:

   2.9.8 [ 17th November 2005 ]
     - SECURITY: Remove insecure usage of /tmp.    [CVE-2005-3349]
     - SECURITY: Filter input parameters/cookies.  [CVE-2005-3355]

More information about the VIM mailing list