Bug 24929 - vim, neovim new security issue CVE-2019-12735
Summary: vim, neovim new security issue CVE-2019-12735
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Thierry Vignaud
QA Contact: Sec team
URL:
Whiteboard: MGA6TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2019-06-06 14:20 CEST by David Walser
Modified: 2019-08-12 00:39 CEST

See Also:
Source RPM: vim-8.1.1048-1.mga7.src.rpm, neovim-0.3.5-1.mga7.src.rpm
CVE:
Status comment:


Description David Walser 2019-06-06 14:20:11 CEST
A security issue fixed upstream in vim and neovim has been announced:
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md

The issue is fixed upstream in vim 8.1.1365 and neovim 0.3.6.

Mageia 6 and Mageia 7 are also affected.
David Walser 2019-06-06 14:20:20 CEST

Whiteboard: (none) => MGA7TOO, MGA6TOO

Comment 1 Marja Van Waes 2019-06-07 07:42:54 CEST
Assigning to the neovim maintainer, because he might have more time than the vim maintainer.

CC'ing the vim maintainer.

Assignee: bugsquad => smelror
CC: (none) => marja11, thierry.vignaud

Comment 2 Stig-Ørjan Smelror 2019-06-07 10:15:11 CEST
Neovim 0.3.7 pushed to updates_testing

Comment 3 David Walser 2019-06-27 20:26:25 CEST
RedHat has issued an advisory for vim on June 26:
https://access.redhat.com/errata/RHSA-2019:1619

Comment 4 Stig-Ørjan Smelror 2019-07-04 19:33:48 CEST
Advisory
========

Neovim has been updated to fix a security issue.

CVE-2019-12735: getchar.c in Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by assert_fails or nvim_input in Neovim.

References
==========
https://nvd.nist.gov/vuln/detail/CVE-2019-12735


Files
=====

Uploaded to core/updates_testing

neovim-0.3.7-1.mga7
neovim-data-0.3.7-1.mga7

from neovim-0.3.7-1.mga7.src.rpm
Stig-Ørjan Smelror 2019-07-04 19:34:02 CEST

Assignee: smelror => qa-bugs

Comment 5 David Walser 2019-07-04 20:07:02 CEST
vim needs to be fixed too.

CC: (none) => qa-bugs, smelror
Version: Cauldron => 7
Whiteboard: MGA7TOO, MGA6TOO => MGA6TOO
Assignee: qa-bugs => thierry.vignaud

Comment 6 David Walser 2019-08-11 22:33:21 CEST
Debian has issued an advisory for this on June 13:
https://www.debian.org/security/2019/dsa-4467

Ubuntu has issued advisories for this on June 11:
https://usn.ubuntu.com/4016-1/
https://usn.ubuntu.com/4016-2/

Severity: normal => major

Comment 7 David Walser 2019-08-12 00:39:12 CEST
Debian has issued an advisory for this on July 23:
https://www.debian.org/security/2019/dsa-4487
