Source: vim Severity: important Tags: upstream Dear Maintainer,
Vim versions < 8.1.1365 are subject to an Arbitrary Code Execution exploit via modelines, as described in this blogpost: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim- neovim.md Upgrading the Vim package to >= 8.1.1365 fixes this exploit. -- System Information: Debian Release: 10.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
