]> git.ipfire.org Git - thirdparty/vim.git/commit
projects / thirdparty / vim.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8872012) | patch
patch 9.1.1164: [security]: code execution with tar.vim and special crafted tar files v9.1.1164
authorChristian Brabandt <cb@256bit.org>
Sun, 2 Mar 2025 18:33:51 +0000 (19:33 +0100)
committerChristian Brabandt <cb@256bit.org>
Sun, 2 Mar 2025 18:37:29 +0000 (19:37 +0100)
commit334a13bff78aa0ad206bc436885f63e3a0bab399
tree42d042143f088a34d365a1fb41152802d6228d04tree
parent8872012e5fa48c94019967b0ce78dd6d0a1457bbcommit | diff
patch 9.1.1164: [security]: code execution with tar.vim and special crafted tar files

Problem:  editing a special crafted tar file allows code execution
          (RyotaK, after 129a8446d23cd9cb4445fcfea259cba5e0487d29)
Solution: escape the filename before feeding it to the `:read` command

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3

Signed-off-by: Christian Brabandt <cb@256bit.org>
runtime/autoload/tar.vim diff | blob | blame | history
src/version.c diff | blob | blame | history
Mirror of https://github.com/vim/vim.git