On Sat, Jun 15, 2019 at 11:03:21PM +0100, Ken Moffat via lfs-dev wrote:
> On Fri, Jun 14, 2019 at 11:16:58PM +0100, Ken Moffat via blfs-dev wrote:
> > It is possible for a remote attacker to execute arbitrary OS
> > commands in vim up to version 8.1.1364 via the :source! command in a
> > modeline of a malicious file (all you have to do is open the file in
> > vim).
> >
> > A workaround is to disable modelines in vimrc :
> >
> > set nomodeline

The LFS and BLFS development books are now using vim-8.1.1535 which
solves the problem.

Again, my thanks to Bruce for pointing out that vim patch versions
can be found at github, and for updating the LFS book.

ĸen
--
Before the universe began, there was a sound. It went: "One, two, ONE,
two, three, four" [...] The cataclysmic power chord that followed was
the creation of time and space and matter and it does Not Fade Away.
 - wiki.lspace.org/mediawiki/Music_With_Rocks_In
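
A version and configuration check built from the two facts in this thread (affected up to 8.1.1364; workaround `set nomodeline`), added here as an example and not part of the original messages. The function names and the sample `vim --version` text are constructed for illustration; the check assumes a contiguous patch range and recognises only the long option names.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Threshold from the post: vim up to
# 8.1.1364 is affected; the workaround is `set nomodeline` in vimrc.

# vim_is_affected TEXT: TEXT is `vim --version` output.
# Returns 0 = affected, 1 = not affected, 2 = version not parseable.
vim_is_affected() {
    local ver major minor patch
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^VIM - Vi IMproved \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
          head -n 1)
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    # "Included patches: 1-1535" -> highest number listed (assumes the range
    # is contiguous); a build with no such line is patch level 0.
    patch=$(printf '%s\n' "$1" | sed -n 's/^Included patches: //p' |
            tr -cs '0-9' '\n' | sort -n | tail -n 1)
    patch=${patch:-0}
    [ "$major" -lt 8 ] && return 0
    [ "$major" -gt 8 ] && return 1
    [ "$minor" -lt 1 ] && return 0
    [ "$minor" -gt 1 ] && return 1
    [ "$patch" -le 1364 ]
}

# vimrc_disables_modeline: reads a vimrc on stdin; returns 0 only when the
# last modeline/nomodeline on a `set` line turns modelines off. Abbreviated
# option names are not recognised (simplification).
vimrc_disables_modeline() {
    awk '$1 == "set" {
             for (i = 2; i <= NF; i++) {
                 if ($i == "nomodeline") off = 1
                 else if ($i == "modeline") off = 0
             }
         }
         END { exit (off ? 0 : 1) }'
}

# Constructed samples of the first lines of `vim --version` output.
OLD_VIM='VIM - Vi IMproved 8.1 (2018 May 18, compiled Jun 01 2019 10:00:00)
Included patches: 1-1364'
NEW_VIM='VIM - Vi IMproved 8.1 (2018 May 18, compiled Jun 15 2019 10:00:00)
Included patches: 1-1535'

for sample in "$OLD_VIM" "$NEW_VIM"; do
    if vim_is_affected "$sample"; then echo "affected"; else echo "not affected"; fi
done
```

On a real system, pass `"$(vim --version)"` to `vim_is_affected` and feed the vimrc on stdin, for example `vimrc_disables_modeline < ~/.vimrc`.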
