Susanne Ramsey wrote:

> The National Vulnerability Database (NVD) lists a high vulnerability for VIM
> 8.0. https://nvd.nist.gov/vuln/detail/CVE-2017-11109
> Vim 8.0 allows attackers to cause a denial of service or possibly have
> unspecified other impact via a crafted source (aka -S) file.
> NOTE: there might be a limited number of scenarios in which this has
> security relevance.
>
> Unfortunately, the info provided in the CVE does not specify if it is
> only the initial release 8.0 or the subsequent patched versions that
> are vulnerable. I have searched the VIM website readme and other
> documents but can’t find the answer, so I am turning to you. I
> appreciate your assistance. Is the current version still vulnerable
> to the issue noted above or has this been remediated in the patch
> updates?

Patch 8.0.0693 fixed the first issue. Note that it requires the user to
install and source a script from someone else. This is not really a
security issue. I haven't wasted time arguing about the reported risks.

--
Your fault: core dumped

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\  an exciting new programming language -- http://www.Zimbu.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
