Red Hat Bugzilla – Bug 174173
CAN-2005-0069 vim unsafe temporary file usage.
Last modified: 2007-11-30 17:11:17 EST
The flaw in vimspell seems to be present in the upstream 6.4 but the patch
vim-6.3-tmpfile.patch included in fc4 is no longer included. Please check to
see if this flaw is valid for the fc5test1 packages and close if not.
+++ This bug was initially created as a clone of Bug #144698 +++
------- Original comment by Josh Bressers (Security Response Team) on 2005.01.10
Two insecure temporary file vulns have been reported to the Debian BTS.
The issues refer to the usage of temporary files using the process PID as the
"randomness". I would not be surprised if these aren't the only scripts in vim
that do this.
-- Additional comment from email@example.com on 2005-01-12 05:37 EST --
FC-2/3 packages have been pushed and announced. FC-4 packages have been built
tcltags is no longer part of our vim packages.
The flaw in vimspell is fixed in vim-6.4.000-4
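
The pattern this bug describes, temporary file names derived from the process PID, can be searched for across a script tree and replaced with `mktemp`. The following is an added example, not part of the bug report or of the vim packages; the function names, the sample scripts and the `spellcheck` file name are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a script tree for PID-derived temporary file names
# and show the mktemp-based replacement. Sample files are constructed.

# find_pid_tmpfiles DIR
# Prints file:line:text for each line that names a path under /tmp or
# $TMPDIR containing $$ (the shell's PID), which other local users can guess.
find_pid_tmpfiles() {
    grep -rnE '(/tmp/|TMPDIR[}]?/)[^[:space:]]*[$][$]' "$1"
}

# safe_tmpfile PREFIX
# Creates the file atomically (O_EXCL, mode 0600) under an unpredictable
# name and prints its path; fails rather than reuse an existing file or symlink.
safe_tmpfile() {
    mktemp "${TMPDIR:-/tmp}/$1.XXXXXX"
}

# make_sample_tree
# Builds a constructed script tree: one script with the unsafe pattern,
# one already using mktemp. Prints the directory path.
make_sample_tree() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/tmpaudit.XXXXXX") || return 1
    cat > "$dir/unsafe.sh" <<'EOF'
#!/bin/sh
OUT=/tmp/spellcheck.$$
sort "$1" > "$OUT"
EOF
    cat > "$dir/safe.sh" <<'EOF'
#!/bin/sh
OUT=$(mktemp "${TMPDIR:-/tmp}/spellcheck.XXXXXX") || exit 1
trap 'rm -f "$OUT"' EXIT
sort "$1" > "$OUT"
EOF
    printf '%s\n' "$dir"
}

# Demo: only line 2 of unsafe.sh is reported.
tree=$(make_sample_tree) && find_pid_tmpfiles "$tree"
rm -rf "$tree"
```

The search is a line-based heuristic: it will miss names assembled across several variables, so treat a clean result as a starting point for review rather than proof.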