[VIM] gnump3d stuff
Steven M. Christey
coley at linus.mitre.org
Fri Nov 18 16:10:08 EST 2005
On Fri, 18 Nov 2005, security curmudgeon wrote:
> First, traversal (CVE 2005-3123) may have extra concerns. While flagged
> BUGFIX and not SECURITY, "allow files to start with ..." stands out to
> me.
hmmmm, sounds unusual.
> 2.9.7 [ 28th October 2005 ]
> - BUGFIX: The previous release was broken.
> - BUGFIX: Allow files to start with ...
> 2.9.6 [ 28th October 2005 ]
> - SECURITY: Prevent path traversal. [CVE-2005-3123]
>
> Second, two more issues that have CVE entries (but aren't open), and I
> don't recall seeing before this:
>
> 2.9.8 [ 17th November 2005 ]
> - SECURITY: Remove insecure usage of /tmp. [CVE-2005-3349]
> - SECURITY: Filter input parameters/cookies. [CVE-2005-3355]
These were assigned by a non-MITRE Candidate Naming Authority (CNA) so I
wasn't aware of them either. Nice catch!
- Steve
More information about the VIM
mailing list