fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file
to the editor's primary group (which may be different from the group
ownership of the original file), which allows local users to obtain
sensitive information by leveraging an applicable group membership, as
demonstrated by /etc/shadow owned by root:shadow mode 0640, but
/etc/.shadow.swp owned by root:users mode 0640, a different vulnerability
than CVE-2017-1000382.
Source: vim (LP Ubuntu Debian)
Upstream:released (2:8.0.1401-1)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2:8.0.1453-1ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected (2:8.0.1453-1ubuntu1)
Ubuntu 19.10 (Eoan Ermine):not-affected (2:8.0.1453-1ubuntu1)
Ubuntu 20.04 (Focal Fossa):not-affected (2:8.0.1453-1ubuntu1)
More Information

Updated: 2019-12-05 19:46:38 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)