MGASA-2020-0082

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0082.html

Import Source

https://advisories.mageia.org/MGASA-2020-0082.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0082

Related

CVE-2019-12735

Published

2020-02-13T10:49:00Z

Modified

2020-02-13T10:25:04Z

Summary

Updated vim and neovim packages fix security vulnerability

Details

Updated vim and neovim package fixes security vulnerability:

It was discovered that Vim before 8.1.1365 and Neovim before 0.3.6 did not restrict the :source! command when executed in a sandbox. This allows remote attackers to take advantage of the modeline feature to inject arbitrary commands when a specially crafted file is opened (CVE-2019-12735).

References

https://advisories.mageia.org/MGASA-2020-0082.html
https://bugs.mageia.org/show_bug.cgi?id=24929
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0082

Affected packages