Candidate: CVE-2008-6235
PublicDate: 2009-02-21 23:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6235
Description:
 The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted
 attackers to execute arbitrary commands via shell metacharacters in a
 filename used by the (1) "D" (delete) command or (2) b:netrw_curdir
 variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
Ubuntu-Description:
Notes:
 mdeslaur> This was patched in vim from usn-712-1
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_vim:
upstream_vim: needs-triage
dapper_vim: not-affected (1:6.4-006+2ubuntu6.2)
gutsy_vim: not-affected (1:7.1-056+2ubuntu2.1)
hardy_vim: not-affected (1:7.1-138+1ubuntu3.1)
intrepid_vim: not-affected (1:7.1.314-3ubuntu3.1)
devel_vim: not-affected (2:7.2.079-1ubuntu3)