Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  

People usually get what's coming to them ... unless it's been mailed.


rocksolid / Security / omg, not vim,not vim !!!

SubjectAuthor
o omg, not vim,not vim !!!anonymous

1
Subject: omg, not vim,not vim !!!
From: anonymous
Newsgroups: rocksolid.shared.security
Organization: def2org
Date: Wed, 5 Jun 2019 15:17 UTC
Path: i2pn2.org!i2pn.org!rocksolid2!def2!.POSTED.localhost!not-for-mail
From: anonym...@def2.anon (anonymous)
Newsgroups: rocksolid.shared.security
Subject: omg, not vim,not vim !!!
Date: Wed, 5 Jun 2019 15:17:24 -0000 (UTC)
Organization: def2org
Message-ID: <a7bdca6a9a9f20e3f861ad3904ab479f$1@z5bqfv5v75kxy7pj.onion>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 5 Jun 2019 15:17:24 -0000 (UTC)
Injection-Info: def2.org; posting-host="localhost:127.0.0.1";
logging-data="13309"; mail-complaints-to="usenet@def2.org"
View all headers
we will all die:

https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

Vim before 8.1.1365 and Neovim before 0.3.6 are vulnerable to arbitrary code execution via modelines by opening a specially crafted text file.
Posted on def2




1
rocksolid light 0.6.9
clearneti2ptor