-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-d79f89346c 2019-06-08 00:57:52.013488 --------------------------------------------------------------------------------
Name : vim Product : Fedora 30 Version : 8.1.1471 Release : 1.fc30 URL : http://www.vim.org/ Summary : The VIM editor Description : VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more.
-------------------------------------------------------------------------------- Update Information:
1717503 - Security issue: patch 8.1.1365: source command doesn't check for the sandbox -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 6 2019 Zdenek Dohnal zdohnal@redhat.com - 2:8.1.1471-1 - patchlevel 1471 * Tue May 28 2019 Zdenek Dohnal zdohnal@redhat.com - 2:8.1.1413-1 - patchlevel 1413 * Mon May 20 2019 Zdenek Dohnal zdohnal@redhat.com - 2:8.1.1359-2 - stop updating f28 * Mon May 20 2019 Zdenek Dohnal zdohnal@redhat.com - 2:8.1.1359-1 - patchlevel 1359 * Mon May 20 2019 Zdenek Dohnal zdohnal@redhat.com - 2:8.1.1137-2 - remove upstream patch -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1717942 - vim/neovim: arbitrary code execution vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1717942 [ 2 ] Bug #1718308 - CVE-2019-12735 vim/neovim: arbitrary command execution in getchar.c https://bugzilla.redhat.com/show_bug.cgi?id=1718308 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-d79f89346c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------