Bug#856818: [vim-youcompleteme] JediHTTP grants to unauthorized users modification of settings and code execution on behalf of the vim user

2017-03-05 Thread Salvatore Bonaccorso
Hi

Disclaimer: not the maintainer here.

AFAICT, the HMAC mechanism has been introduced in upstream/0+20150327+git9bfdb98, and then later on ycmd was split afterwards into a separate project. Thus I think this bug can be marked as fixed with debian/0+20150616+gitbc5f581-1.

Regards,
Salvatore

Bug#856818: [vim-youcompleteme] JediHTTP grants to unauthorized users modification of settings and code execution on behalf of the vim user

2017-03-04 Thread Marcin Szewczyk
Package: vim-youcompleteme
Version: 0+20140207+git18be5c2-2
Severity: normal
Tags: security
X-Debbugs-CC: secur...@debian.org

This version (0+20140207+git18be5c2-2) of JediHTTP (/usr/lib/vim-youcompleteme/ycm/server/) does not include the HMAC mechanism. Each vim instance starts an HTTP proxy to