numirias
/
security
mirror of https://github.com/numirias/security.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add CVE info

This commit is contained in:
numirias 2019-06-06 03:16:32 +02:00
parent cf4f74e0c6
commit 01f7b350bb
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -4,7 +4,7 @@ This repository will contain security-related stuff I'm doing.
Index: Index:
- 2019-06-04 [Vim/Neovim Arbitrary Code Execution via Modelines](doc/2019-06-04_ace-vim-neovim.md) - 2019-06-04 [Vim/Neovim Arbitrary Code Execution via Modelines](doc/2019-06-04_ace-vim-neovim.md) [(CVE-2019-12735)](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735)
More to come... More to come...

5
doc/2019-06-04_ace-vim-neovim.md
View File

@ -6,7 +6,7 @@ Vim/Neovim Arbitrary Code Execution via Modelines
``` ```
Product: Vim < 8.1.1365, Neovim < 0.3.6 Product: Vim < 8.1.1365, Neovim < 0.3.6
Type: Arbitrary Code Execution Type: Arbitrary Code Execution
CVE: - CVE: CVE-2019-12735
Date: 2019-06-04 Date: 2019-06-04
Author: Arminius (@rawsec) Author: Arminius (@rawsec)
``` ```
@ -129,6 +129,9 @@ Timeline
- 2019-05-22 Vim and Neovim maintainers notified - 2019-05-22 Vim and Neovim maintainers notified
- 2019-05-23 Vim patch released - 2019-05-23 Vim patch released
- 2019-05-29 Neovim patch released - 2019-05-29 Neovim patch released
- 2019-06-05 CVE ID CVE-2019-12735 assigned
Also see description of [CVE-2019-12735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12735).
[1]: https://github.com/vim/vim/blob/5c017b2de28d19dfa4af58b8973e32f31bb1477e/runtime/doc/options.txt#L582 [1]: https://github.com/vim/vim/blob/5c017b2de28d19dfa4af58b8973e32f31bb1477e/runtime/doc/options.txt#L582
[2]: https://github.com/vim/vim/blob/5c017b2de28d19dfa4af58b8973e32f31bb1477e/runtime/doc/eval.txt#L13050 [2]: https://github.com/vim/vim/blob/5c017b2de28d19dfa4af58b8973e32f31bb1477e/runtime/doc/eval.txt#L13050