oss-sec mailing list archives

Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272

From: Christian Brabandt <cb () 256bit org>
Date: Thu, 2 Apr 2026 13:20:46 +0200


Tianyu Chen schrieb am Donnerstag, den 02. April 2026:

On Thu, Apr 02, 2026 at 09:25:58AM +0200, Christian Brabandt wrote:


Sorry for being potentially off-topic, but I am wondering if I am doing 
something wrong here. Did anybody request a CVE for this? I got a 
notification from Github Support (after 10 hours or so) that they cannot 
assign a CVE for this, as there was already one assigned.

I typically hit the *Request CVE* button before I publish an advisory 
and send out the notifications, and usually github assigns those pretty 
fast, but not this time.

Does anybody here know how this works? Or did I do something wrong?


Isn't it CVE-2026-34714? I saw it noted on
https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh.


Yes, but Github did not assign it. Someone else did and GH did barely 
notify me of this already existing CVE.

Thanks,
Christian
-- 
Hallo Rechtsfahrer!

Current thread:

Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 01)
- Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 David A. Wheeler (Apr 02)
  - Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 02)
    - Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Solar Designer (Apr 02)
- <Possible follow-ups>
- Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 02)
  - Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Tianyu Chen (Apr 02)
    - Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt (Apr 02)
    - Re: [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Salvatore Bonaccorso (Apr 03)