
Vim < 8.1.1365 / Neovim < 0.3.6 vulnerability

Posted: 16. Jun 2019, 22:12
by Luffy
Hello,
Why has vim not been updated?

https://nvd.nist.gov/vuln/detail/CVE-2019-12735
https://github.com/numirias/security/bl ... -neovim.md

-.-
Check if you have modelines enabled by opening vim and entering

:set modeline?

If vim returns nomodeline, you are not vulnerable. If you are vulnerable or want to ensure your security with this issue, add these lines to your vimrc:

set modelines=0
set nomodeline
-.-

Regards.
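
Added example, not part of the post above and not code from Vim or Slackware: a shell sketch that reads `vim --version` text to see whether patch 8.1.1365 (the bound in the thread title) is included, and checks whether a vimrc ends with modelines off. The function names and sample strings are assumptions made for illustration; Neovim output is not handled.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# has_patch "1-875, 878, 1000-1400" N -> 0 if patch N is in the list
has_patch() {
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        lo=${item%-*}; hi=${item#*-}     # a single number gives lo = hi
        if [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# vim_has_fix "<output of vim --version>" -> 0 fixed, 1 older, 2 unrecognised
vim_has_fix() {
    ver=$(printf '%s\n' "$1" | sed -n '1s/^VIM - Vi IMproved \([0-9]*\)\.\([0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}; minor=${ver#* }
    if [ "$major" -gt 8 ]; then return 0; fi
    if [ "$major" -lt 8 ]; then return 1; fi
    if [ "$minor" -gt 1 ]; then return 0; fi
    if [ "$minor" -lt 1 ]; then return 1; fi
    patches=$(printf '%s\n' "$1" | sed -n 's/^Included patches: *//p')
    has_patch "$patches" 1365
}

# vimrc_disables_modeline FILE -> 0 if the last full-form setting is "set nomodeline"
# Abbreviations (se, ml, noml) and other sourced files are not covered;
# ":set modeline?" inside vim remains the authoritative check.
vimrc_disables_modeline() {
    last=$(grep -E '^[[:space:]]*set[[:space:]]+(no)?modeline([[:space:]]|$)' "$1" | tail -n 1)
    case $last in *nomodeline*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample input, not captured from a real system.
SAMPLE_OLD='VIM - Vi IMproved 8.1 (2018 May 18, compiled Jun 01 2019 10:00:00)
Included patches: 1-875, 878, 884-1300'
SAMPLE_NEW='VIM - Vi IMproved 8.1 (2018 May 18, compiled Jun 20 2019 10:00:00)
Included patches: 1-1365'

for s in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
    if vim_has_fix "$s"; then echo "patch 8.1.1365 present"
    else echo "patch 8.1.1365 missing: keep modelines off"; fi
done
```

On a real system, pass the live output with `vim_has_fix "$(vim --version)"` and point `vimrc_disables_modeline` at your own vimrc.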

Re: Vim < 8.1.1365 / Neovim < 0.3.6 vulnerability

Posted: 17. Jun 2019, 09:12
by gapan
Well, this is a package provided by Slackware. If there is indeed a problem, I expect Slackware will fix it.

Re: Vim < 8.1.1365 / Neovim < 0.3.6 vulnerability

Posted: 18. Jun 2019, 20:27
by Luffy
volkerdi wrote: Is this vulnerability applicable to vim/gvim in Slackware-stable?
https://github.com/numirias/security...-vim-neovim.md
I've tested it, and the PoC does not work on Slackware 14.2's vim/gvim.
I'm a newbie.

Thank you, gapan.