Control: retitle vim: CVE-2019-12735: Modelines allow arbitrary code execution

On Wed, Jun 05, 2019 at 11:55:49AM +0200, Kyle Robbertze wrote:
> Source: vim
> Severity: important
> Tags: security, patch
> 
> Dear Maintainer,
> 
> Vim currently allows arbitrary code execution in modelines outside of 
> the sandboxed environment when using ':source!' in the modeline. 
> Details can be found here [1] and upstream's patch here [2].
> 
> [1] https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
> 
> [2] https://github.com/vim/vim/commit/5357552

MITRE assigned CVE-2019-12735 for this issue.

Regards,
Salvatore
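
A defensive triage sketch for the issue reported above, added here as an example and not part of the original thread or of upstream's patch: it flags files whose modeline region contains `:source!` (or its `:so!` abbreviation). The function names, the constructed sample lines and the tolerance for a backslash before `!` are assumptions; 5 is Vim's default for the `modelines` option.

```python
import re

# Vim only looks for modelines in the first and last 'modelines' lines
# of a file; 5 is the default value of that option.
MODELINES = 5

# Modeline marker: "vi:", "vim:" or "Vim:" (optionally with a version,
# e.g. "vim700:") at line start or after whitespace; "ex:" only after
# whitespace.
MARKER = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?):|\sex:")

# ":source!" or its abbreviations down to ":so!". A backslash before
# the "!" is tolerated (assumption: the text may be escaped).
SOURCE_BANG = re.compile(r"\bso(?:urce|urc|ur|u)?\\?!")


def candidate_lines(text, n=MODELINES):
    """Return (line_number, line) for the lines Vim would inspect."""
    lines = text.splitlines()
    head = range(min(n, len(lines)))
    tail = range(max(0, len(lines) - n), len(lines))
    return [(i + 1, lines[i]) for i in sorted(set(head) | set(tail))]


def suspicious_modelines(text, n=MODELINES):
    """Return modelines that mention :source! after the marker."""
    hits = []
    for lineno, line in candidate_lines(text, n):
        marker = MARKER.search(line)
        if marker and SOURCE_BANG.search(line, marker.end()):
            hits.append((lineno, line.strip()))
    return hits


if __name__ == "__main__":
    # Constructed samples; the option and file names are placeholders.
    benign = "#!/bin/sh\n# vim: set ts=4 sw=4 et:\necho hi\n"
    flagged = "notes\n vim: placeholder_opt=source!\\ placeholder_file\n"
    for name, text in (("benign", benign), ("flagged", flagged)):
        print(name, suspicious_modelines(text))
```

A hit is a reason to review the file before opening it in an unpatched Vim, not proof of malice.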
