git.ipfire.org Git - thirdparty/vim.git/commit

author	Hirohito Higashi <h.east.727@gmail.com>
	Fri, 26 Jun 2026 06:41:24 +0000 (15:41 +0900)
committer	Christian Brabandt <cb@256bit.org>
	Fri, 26 Jun 2026 22:02:46 +0000 (22:02 +0000)
commit	6b611b0d15603c52ebdad17172b0232b4f65704e
tree	2627fca09f8a92f20ecc1e8bf23a4fb26cae1915	tree \| snapshot
parent	1188cac8f42509f4bdabaf5e102c961ba3fd1205	commit \| diff

patch 9.2.0735: [security]: arbitrary Ex command execution during C omni-completion

Problem:  [security]: With C omni-completion, a crafted tags file can execute
          arbitrary Ex commands when completing a struct/union member
          (cipher-creator)
Solution: Escape the type field before inserting it into the :vimgrep
          pattern so it cannot close the pattern and start a new command
          (Hirohito Higashi).

Github Security Advisory:
https://github.com/vim/vim/security/advisories/GHSA-mf92-v4xw-j45x

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>"
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

runtime/autoload/ccomplete.vim		diff \| blob \| blame \| history
src/testdir/Make_all.mak		diff \| blob \| blame \| history
src/testdir/test_plugin_ccomplete.vim	[new file with mode: 0644]	blob
src/version.c		diff \| blob \| blame \| history