CVE-2019-12735

Priority
Description
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote
attackers to execute arbitrary OS commands via the :source! command in a
modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input
in Neovim.
Ubuntu-Description
It was discovered that Vim incorrectly handled certain files. An attacker
could possibly use this issue to execute arbitrary code.
Assigned-to
leosilva
Notes
leosilvaneither precise/esm or trusty/esm seems to be
affected. The POC was not reproducible in these
releases
Package
Upstream:released (0.3.6)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):not-affected (0.3.4-2)
Ubuntu 20.10 (Groovy Gorilla):not-affected (0.3.4-2)
Package
Source: vim (LP Ubuntu Debian)
Upstream:released (8.1.1365)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):released (2:7.4.1689-3ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (2:8.0.1453-1ubuntu1.1)
Ubuntu 20.04 LTS (Focal Fossa):released (2:8.1.0875-4ubuntu1)
Ubuntu 20.10 (Groovy Gorilla):released (2:8.1.0875-4ubuntu1)
More Information

Updated: 2020-09-09 22:47:20 UTC (commit b67d7d8b03f173f825cd706df5bd078bca500b0e)