[vim] - patchlevel 070
Karsten Hopp
karsten at fedoraproject.org
Thu Dec 2 17:10:08 UTC 2010
commit 35c50963a8e5a823f42510365477712dd764ea62
Author: Karsten Hopp <karsten at redhat.com>
Date: Thu Dec 2 18:10:14 2010 +0100
- patchlevel 070
7.3.070 | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 53 insertions(+), 0 deletions(-)
---
diff --git a/7.3.070 b/7.3.070
new file mode 100644
index 0000000..0da893f
--- /dev/null
+++ b/7.3.070
@@ -0,0 +1,53 @@
+To: vim_dev at googlegroups.com
+Subject: Patch 7.3.070
+Fcc: outbox
+From: Bram Moolenaar <Bram at moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.3.070
+Problem: Can set environment variables in the sandbox, could be abused.
+Solution: Disallow it.
+Files: src/eval.c
+
+
+*** ../vim-7.3.069/src/eval.c 2010-11-10 20:31:24.000000000 +0100
+--- src/eval.c 2010-12-02 14:42:31.000000000 +0100
+***************
+*** 2326,2332 ****
+ else if (endchars != NULL
+ && vim_strchr(endchars, *skipwhite(arg)) == NULL)
+ EMSG(_(e_letunexp));
+! else
+ {
+ c1 = name[len];
+ name[len] = NUL;
+--- 2326,2332 ----
+ else if (endchars != NULL
+ && vim_strchr(endchars, *skipwhite(arg)) == NULL)
+ EMSG(_(e_letunexp));
+! else if (!check_secure())
+ {
+ c1 = name[len];
+ name[len] = NUL;
+*** ../vim-7.3.069/src/version.c 2010-11-24 18:48:08.000000000 +0100
+--- src/version.c 2010-12-02 14:46:44.000000000 +0100
+***************
+*** 716,717 ****
+--- 716,719 ----
+ { /* Add new patch number below this line */
++ /**/
++ 70,
+ /**/
+
+--
+The only way the average employee can speak to an executive is by taking a
+second job as a golf caddie.
+ (Scott Adams - The Dilbert principle)
+
+ /// Bram Moolenaar -- Bram at Moolenaar.net -- http://www.Moolenaar.net \\\
+/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\ an exciting new programming language -- http://www.Zimbu.org ///
+ \\\ help me help AIDS victims -- http://ICCF-Holland.org ///
More information about the scm-commits
mailing list