Control: retitle neovim: CVE-2019-12735: Modelines allow arbitrary code execution
On Wed, Jun 05, 2019 at 03:14:43AM -0700, Matthew Crews wrote: > Source: neovim > Severity: important > Tags: upstream > > Dear Maintainer, > > Neovim versions < 0.3.6 are subject to an Arbitrary Code Execution exploit via > modelines, as described in this blogpost: > > https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim- > neovim.md > > Upgrading the Neovim package to >= 0.3.6 fixes this exploit. MITRE assigned CVE-2019-12735 for this issue. Regards, Salvatore
