Summary: | <app-editors/{gvim,vim}-8.1.1486: modelines allow arbitrary code execution (CVE-2019-12735) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | alexander, gentoo_bugs_peep, redblade7, theodor, vim, xdch47 |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=347835 | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | app-editors/vim-core-8.1.1486, app-editors/vim-8.1.1486, app-editors/gvim-8.1.1486 | ||
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 690102 |
Description
Thomas Deutschmann (RETIRED)
2019-06-04 22:48:40 UTC
*** Bug 687488 has been marked as a duplicate of this bug. ***

*** Bug 687498 has been marked as a duplicate of this bug. ***

Simple bump (e.g. https://github.com/gentoo/gentoo/pull/12205) works for me

    cp neovim-0.3.4-r1.ebuild neovim-0.3.6.ebuild
    ebuild neovim-0.3.6.ebuild manifest
    emerge neovim

WFM

resolved for app-editors/vim by Tim Harder, see https://github.com/gentoo/gentoo/commit/53f8f342df7a9ec40e9feb13c732c65ef6d76344

Arches/security, feel free to start the stabilization process for vim 8.1.1486 and related pkgs.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=188b09fcc4e05cdf18236579d33ae813d3700cf0

commit 188b09fcc4e05cdf18236579d33ae813d3700cf0
Author: Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-06-13 12:20:50 +0000
Commit: Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-06-13 12:20:50 +0000

    app-editors/vim-core-8.1.1486-r0: alpha stable

    Bug: http://bugs.gentoo.org/687394
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 app-editors/vim-core/vim-core-8.1.1486.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0268942c13be8e8b29c395ecad6e986093541cd8

commit 0268942c13be8e8b29c395ecad6e986093541cd8
Author: Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-06-13 12:20:50 +0000
Commit: Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-06-13 12:20:50 +0000

    app-editors/gvim-8.1.1486-r0: alpha stable

    Bug: http://bugs.gentoo.org/687394
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 app-editors/gvim/gvim-8.1.1486.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ab6666ec4398232ca353f9ee17ebbd32a33fe01

commit 1ab6666ec4398232ca353f9ee17ebbd32a33fe01
Author: Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-06-13 12:20:45 +0000
Commit: Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-06-13 12:20:45 +0000

    app-editors/vim-8.1.1486-r0: alpha stable

    Bug: http://bugs.gentoo.org/687394
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 app-editors/vim/vim-8.1.1486.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

amd64 stable

ppc64 stable

sparc stable

ppc stable

ia64 stable

x86 stable

hppa stable

s390 stable

app-editors/vim app-editors/vim-core stable on arm64

gvim does not carry any stable keywords on arm64

arm stable

New GLSA request filed.

Should this bug be closed? =app-editors/vim-8.1.1486 is stable on all platforms.

This issue was resolved and addressed in GLSA 202003-04 at https://security.gentoo.org/glsa/202003-04 by GLSA coordinator Thomas Deutschmann (whissi).