oss-sec mailing list archives
Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272
From: Tianyu Chen <sweetyfish () deepin org>
Date: Tue, 31 Mar 2026 14:46:21 +0800
On Mon, Mar 30, 2026 at 06:20:28AM -0400, Demi Marie Obenour wrote:
Should `modeline` be disabled by default in future releases? It's a huge attack surface.
In Debian, `modeline` is disabled by default. https://salsa.debian.org/vim-team/vim/-/blob/debian/sid/debian/runtime/debian.vim#L10 Best, Tianyu Chen @ deepin
Current thread:
- [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Mar 30)
- Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Demi Marie Obenour (Mar 30)
- Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Mar 31)
- Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 David A. Wheeler (Mar 31)
- Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Tianyu Chen (Mar 31)
- Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Mar 31)
- Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Demi Marie Obenour (Mar 30)