From 01f7b350bb232022d22f619cc1f24adbb99b6bc7 Mon Sep 17 00:00:00 2001 From: numirias Date: Thu, 6 Jun 2019 03:16:32 +0200 Subject: [PATCH] Add CVE info --- README.md | 2 +- doc/2019-06-04_ace-vim-neovim.md | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0246c61..b2038ff 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ This repository will contain security-related stuff I'm doing. Index: -- 2019-06-04 [Vim/Neovim Arbitrary Code Execution via Modelines](doc/2019-06-04_ace-vim-neovim.md) +- 2019-06-04 [Vim/Neovim Arbitrary Code Execution via Modelines](doc/2019-06-04_ace-vim-neovim.md) [(CVE-2019-12735)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735) More to come... diff --git a/doc/2019-06-04_ace-vim-neovim.md b/doc/2019-06-04_ace-vim-neovim.md index e56abc1..2ca7653 100644 --- a/doc/2019-06-04_ace-vim-neovim.md +++ b/doc/2019-06-04_ace-vim-neovim.md @@ -6,7 +6,7 @@ Vim/Neovim Arbitrary Code Execution via Modelines ``` Product: Vim < 8.1.1365, Neovim < 0.3.6 Type: Arbitrary Code Execution -CVE: - +CVE: CVE-2019-12735 Date: 2019-06-04 Author: Arminius (@rawsec) ``` @@ -129,6 +129,9 @@ Timeline - 2019-05-22 Vim and Neovim maintainers notified - 2019-05-23 Vim patch released - 2019-05-29 Neovim patch released + - 2019-06-05 CVE ID CVE-2019-12735 assigned + +Also see description of [CVE-2019-12735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735). [1]: https://github.com/vim/vim/blob/5c017b2de28d19dfa4af58b8973e32f31bb1477e/runtime/doc/options.txt#L582 [2]: https://github.com/vim/vim/blob/5c017b2de28d19dfa4af58b8973e32f31bb1477e/runtime/doc/eval.txt#L13050