Major security vulnerability in vim! Anyone know when a patch is coming the repos?
View Reddit by ryanlue – View Source
Major security vulnerability in vim! Anyone know when a patch is coming the repos?
View Reddit by ryanlue – View Source
View Reddit by ryanlue – View Source
Debian ships vim with modelines disabled by default due to security concerns. Unless you explicitly enabled them again you are not affected.
This is the first I’ve heard of modelines, but they seem like a classic violation of the idea of separating control from data channels. The very idea of embedding things in text files that vim should execute upon opening sounds like something designed to be exploited.
Have you submitted a bug in Debian?
https://github.com/ciaranm/securemodelines/ .. use that and you don’t need to worry about modeline.
wow, 17 hours ago and 240 stars already?