editors/vim: Update to 9.2.0073, multiple security fixes

While the minor has bumped, and much has changed from 9.1 to 9.2,
we've been incrementally adopting the patches so it's not "new" to us,
per se. All the gory details are at:
https://github.com/vim/vim/blob/master/runtime/doc/version9.txt

This commit adds patches for six security issues:

patch 9.2.0073: [security]: possible command injection using netrw

Problem: [security]: Insufficient validation of hostname and port in
netrw URIs allows command injection via shell metacharacters
(ehdgks0627, un3xploitable).
Solution: Implement stricter RFC1123 hostname and IP validation.
Use shellescape() for the provided hostname and port.

GitHub Advisory:
GHSA-m3xh-9434-g336
[63 lines not shown]
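
The two layers of the fix named in the commit message (strict hostname and port validation, then shell quoting) are sketched below in Python as an added example. This is not netrw's code or part of the commit; the function names, the `ssh` command line and the sample inputs are assumptions constructed for illustration.

```python
import ipaddress
import re
import shlex

# One RFC 1123 label: ASCII letters, digits, hyphens; 1-63 chars; no hyphen at either end.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_PORT = re.compile(r"[0-9]{1,5}")


def valid_host(host: str) -> bool:
    """Accept only an IP literal or an RFC 1123 hostname."""
    if not host or len(host) > 253 or "%" in host:  # "%" would admit a free-form IPv6 zone id
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    if host.endswith("."):  # a single trailing dot (fully qualified form) is allowed
        host = host[:-1]
    return all(_LABEL.fullmatch(label) for label in host.split("."))


def valid_port(port: str) -> bool:
    return bool(_PORT.fullmatch(port)) and 1 <= int(port) <= 65535


def build_command(host: str, port: str) -> str:
    """Return a shell command line, or raise ValueError for untrusted input."""
    if not valid_host(host) or not valid_port(port):
        raise ValueError(f"rejected host/port: {host!r} {port!r}")
    # Second layer: quote anyway, so a gap in validation cannot reach the shell.
    return shlex.join(["ssh", "-p", port, host])


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [("example.org", "22"), ("2001:db8::1", "2222"),
           ("example.org;touch /tmp/x", "22"), ("-oProxyCommand=id", "22"),
           ("example.org", "22 -v"), ("$(id).example.org", "22")]

if __name__ == "__main__":
    for host, port in SAMPLES:
        try:
            print("ok      ", build_command(host, port))
        except ValueError as exc:
            print("rejected", exc)
```

Rejecting a leading hyphen in the label rule also keeps a hostname from being parsed as a command-line option, which quoting alone does not prevent.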