Vim < 8.1.1365 / Neovim < 0.3.6 vulnerability

Other talk about Salix
Post Reply
User avatar
Luffy
Posts: 41
Joined: 3. Jul 2017, 22:03

Vim < 8.1.1365 / Neovim < 0.3.6 vulnerability

Post by Luffy » 16. Jun 2019, 22:12

Hello,
Why has not vim been updated? :?:

https://nvd.nist.gov/vuln/detail/CVE-2019-12735
https://github.com/numirias/security/bl ... -neovim.md

-.-
Check if you have modelines enabled by opening vim and entering

:set modeline?

If vim returns nomodeline, you are not vulnerable. If you are vulnerable or want to ensure your security with this issue, add these lines to your vimrc:

set modelines=0
set nomodeline
-.-

Saludos.

User avatar
gapan
Salix Wizard
Posts: 5528
Joined: 6. Jun 2009, 17:40

Re: Vim < 8.1.1365 / Neovim < 0.3.6 vulnerability

Post by gapan » 17. Jun 2019, 09:12

Well, this is a package provided by Slackware. If there is indeed a problem, I expect Slackware will fix it.
Image
Image

User avatar
Luffy
Posts: 41
Joined: 3. Jul 2017, 22:03

Re: Vim < 8.1.1365 / Neovim < 0.3.6 vulnerability

Post by Luffy » 18. Jun 2019, 20:27

volkerdi wrote: Is this vulnerability applicable to vim/gvim in Slackware-stable?
https://github.com/numirias/security...-vim-neovim.md
I've tested it, and the PoC does not work on Slackware 14.2's vim/gvim.
I'm a newbie, :oops:

Thank you, gapan.

Post Reply