[3.7] vim: arbitrary command execution in getchar.c (CVE-2019-12735)
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote
attackers to execute arbitrary OS commands via the :source!
command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
(from redmine: issue id 10562, created on 2019-06-13, closed on 2019-06-22)
- Revision aaf594bc by Natanael Copa on 2019-06-22T07:30:19Z:
main/vim: backport fix for CVE-2019-12735 fixes #10562