CVE-2018-11319

Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...

Debian DSA-4261-1 : vim-syntastic - security update

Enrico Zini discovered a vulnerability in Syntastic, an addon module for the Vim editor that runs a file through external checkers and displays any resulting errors. Config files were looked up in the current working directory which could result in arbitrary shell code execution if a malformed...

DSA-4261-1 vim-syntastic - security update

Bulletin has no description...

Debian: Security Advisory (DSA-4261-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1444-1 : vim-syntastic security update

CVE-2018-11319 The improper handling of search for configuration files might be exploited for arbitrary code execution via a malicious gcc plugin. For Debian 8 'Jessie', this problem has been fixed in version 3.5.0-1+deb8u1. We recommend that you upgrade your vim-syntastic packages. NOTE: Tenable...

[SECURITY] [DLA 1444-1] vim-syntastic security update

Package : vim-syntastic Version : 3.5.0-1+deb8u1 CVE ID : CVE-2018-11319 CVE-2018-11319 The improper handling of search for configuration files might be exploited for arbitrary code execution via a malicious gcc plugin. For Debian 8 "Jessie", this problem has been fixed in version 3.5.0-1+deb8u1...

Debian: Security Advisory (DLA-1444-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-1444-1 vim-syntastic - security update

Bulletin has no description...

CVE-2018-11319

Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...

CVE-2018-11319

Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...

CVE-2018-11319

Syntastic (vim-syntastic) up to version 3.9.0 is vulnerable due to how config files are searched: it traverses from the project directory upward toward root, enabling arbitrary code execution if an attacker can write to a parent directory of the checked project. Published fixes exist: Debian stre...

CVE-2018-11319

Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root. This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to a...