1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-01 01:17:02 +00:00
freebsd-ports/editors/vim/pkg-message
Remko Lodder ec9063b927 Add a note about VIM's modeline support. This will instruct users
that do not need the modeline support to disable it, since it contained
remote vulnerabilities.

Reviewed by:		simon
Approved by:		portsmgr (blanket, secteam), obrien (maintainer)
2005-08-16 16:48:41 +00:00

7 lines
365 B
Plaintext

SECURITY NOTE: The VIM software has had several remote vulnerabilities
discovered within VIM's modeline support. It allowed remote attackers to
execute arbitrary code as the user running VIM. All known problems
have been fixed, but the FreeBSD Security Team advises that VIM users
use 'set nomodeline' in ~/.vimrc to avoid the possibility of trojaned
text files.