Opened 10 months ago

Closed 10 months ago

#21172 closed enhancement (fixed)

vim-9.1.1166 (Security)

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: normal Milestone: 12.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

Another security issue with vim. 

patch 9.1.1164: [security]: code execution with tar.vim and special crafted tar files
Problem:  editing a special crafted tar file allows code execution
          (RyotaK, after 129a844)
Solution: escape the filename before feeding it to the `:read` command

Need to sync with LFS also.

Change History (2)

comment:1 by Bruce Dubbs, 10 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 10 months ago

Resolution: fixed
Status: assignedclosed

Fixed at commits 

8b070b68a3 Update to postfix-3.10.0.
830facf08f Update to icewm-3.7.1.
e4827036d1 Update to goffice-0.10.59.
5d0b98788f Update to gnumeric-1.12.59.
aafa116493 Update to vim-9.1.1166 (Security Update).
Note: See TracTickets for help on using tickets.