[VIM] BID 48170 Confusion

security curmudgeon jericho at attrition.org
Sat Jul 9 16:09:03 CDT 2011


late to the party I know..

: The 1.4.27 release announcement referenced in the BID shows it was 
: published in May 20th, 2010 and credits Ilja van Sprundel for 
: discovering the vulnerability.

CVE-2010-4667

: The 1.5.12 release announcement referenced in the BID shows it was 
: published in January 2nd, 2011 and credits Janek Vind.

CVE-2011-2476

For a bit easier tracking.

OSVDB will be adding an entry for the command injection issues you 
mentioned.


More information about the VIM mailing list