Bug 470100 (CVE-2009-0316) - VUL-0: CVE-2009-0316: vim: python module search path insecure
Status: RESOLVED FIXED
Alias: CVE-2009-0316
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
Version: unspecified
Hardware: Other Other
Priority: P5 - None; Severity: Normal
Target Milestone: ---
Deadline: 2009-03-11
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: maint:released:10.3:22732 maint:relea...
Reported: 2009-01-28 09:28 UTC by Thomas Biege
Modified: 2017-07-15 12:00 UTC

Found By: Development
Description Thomas Biege 2009-01-28 09:28:44 UTC
Hi.
This is a security bug report

This bug is public.

There is no coordinated release date (CRD) set.

More information can be found here:
	https://bugzilla.redhat.com/show_bug.cgi?id=481565

CVE number: CVE-2009-0316
CVE description: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0316


Original posting:


CVE-2009-0316
References:
https://bugzilla.redhat.com/show_bug.cgi?id=481565
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
Comment 2 Dr. Werner Fink 2009-02-17 13:15:52 UTC
fixed at least with vim 7.2.045
Comment 3 Dr. Werner Fink 2009-02-17 13:28:17 UTC
submitted to 11.1, SLES11, and factory
Comment 4 Dr. Werner Fink 2009-02-19 15:25:58 UTC
see comment #3
Comment 5 Dr. Werner Fink 2009-02-24 14:51:28 UTC
submitted 7.2.108 to 10.3, 11.0, and 11.1 and sles11
Comment 6 Swamp Workflow Management 2009-03-10 16:18:06 UTC
Update released for: gvim, vim, vim-base, vim-data, vim-enhanced
Products:
openSUSE 10.3 (i386, ppc, x86_64)
openSUSE 11.0 (debug, i386, ppc, x86_64)
openSUSE 11.1 (debug, i586, ppc, x86_64)
Comment 7 Thomas Biege 2009-10-14 02:52:44 UTC
CVE-2009-0316: CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)