Mark Esler wrote:

> Could you please let me know if you consider every Vim bug report on 
> Huntr.dev a security issue? Should Huntr.dev be assigning a CVE to every 
> bug report?

I cannot say.  Most of the reported problems require sourcing a Vim
script.  Once the user sources that script, it can do anything; no bug
is required to do something harmful.  Theoretically the user could look
at the script to check what it is doing, but in practice we can expect
this doesn't happen.  Thus there is always the risk of a trojan horse.

This is different from when the problem could be triggered by editing a
text file that has been manipulated.  There have been cases where a
problem is triggered by a modeline in a text file; that is a much more
serious security issue.  I don't recall such a problem being reported on
huntr.

-- 
hundred-and-one symptoms of being an internet addict:
31. You code your homework in HTML and give your instructor the URL.

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///                                                                      \\\
\\\        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
