PublicDateAtUSN: 2016-11-23
Candidate: CVE-2016-1248
PublicDate: 2016-11-23 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248
 http://openwall.com/lists/oss-security/2016/11/22/20
 https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
 https://github.com/vim/vim/releases/tag/v8.0.0056
 https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
 https://lists.debian.org/debian-security-announce/2016/msg00305.html
 https://ubuntu.com/security/notices/USN-3139-1
Description:
 vim before patch 8.0.0056 does not properly validate values for the
 'filetype', 'syntax' and 'keymap' options, which may result in the
 execution of arbitrary code if a file with a specially crafted modeline is
 opened.
Ubuntu-Description:
 Florian Larysch discovered that the Vim text editor did not properly
 validate values for the 'filetype', 'syntax', and 'keymap' options.
 An attacker could trick a user into opening a file with specially
 crafted modelines and possibly execute arbitrary code with the
 user's privileges.
Notes:
Bugs:
Priority: medium
Discovered-by: Florian Larysch
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_vim:
 upstream: https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
upstream_vim: released (2:8.0.0095-1)
precise_vim: released (2:7.3.429-2ubuntu2.2)
precise/esm_vim: released (2:7.3.429-2ubuntu2.2)
trusty_vim: released (2:7.4.052-1ubuntu3.1)
trusty/esm_vim: released (2:7.4.052-1ubuntu3.1)
vivid/stable-phone-overlay_vim: ignored (reached end-of-life)
vivid/ubuntu-core_vim: ignored (reached end-of-life)
xenial_vim: released (2:7.4.1689-3ubuntu1.2)
esm-infra/xenial_vim: released (2:7.4.1689-3ubuntu1.2)
yakkety_vim: released (2:7.4.1829-1ubuntu2.1)
zesty_vim: not-affected (2:8.0.0095-1ubuntu2)
devel_vim: not-affected (2:8.0.0095-1ubuntu2)

Patches_neovim:
 upstream: https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
upstream_neovim: released (0.1.6-4)
precise_neovim: DNE
precise/esm_neovim: DNE
trusty_neovim: DNE
trusty/esm_neovim: DNE
vivid/stable-phone-overlay_neovim: DNE
vivid/ubuntu-core_neovim: DNE
xenial_neovim: DNE
yakkety_neovim: DNE
zesty_neovim: not-affected (0.1.6-5)
devel_neovim: not-affected (0.1.6-5)