Debian Security Advisory
DSA-3722-1 vim -- security update
- Date Reported:
- 22 Nov 2016
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-1248.
- More information:
Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the
keymapoptions, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
For the stable distribution (jessie), this problem has been fixed in version 2:7.4.488-7+deb8u1.
We recommend that you upgrade your vim packages.