http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used as an editor for other products such as mutt.
It's the "possibly other versions" part that makes me enter this bug. I guess it's not critical but it might be better to check out whether our 6.2 releases are affected or not. I couldn't verify this yet.
regards,
Tobias
Reproducible: Always
Steps to Reproduce:
aron & the vim team, can we have a fix plz?
Unless I'm missing something, this was fixed ages ago. 6.2* should be unaffected.
This was fixed over a year ago in Gentoo. Please check for dups before filing.
*** This bug has been marked as a duplicate of 14088 ***