Source: vim
Version: 2:9.1.0861-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2:9.0.1378-2
Control: found -1 2:9.1.1113-1

Hi,

The following vulnerability was published for vim.

CVE-2025-27423[0]:
| Vim is an open source, command line text editor. Vim is distributed
| with the tar.vim plugin, that allows easy editing and viewing of
| (compressed or uncompressed) tar files. Starting with 9.1.0858, the
| tar.vim plugin uses the ":read" ex command line to append below the
| cursor position, however the is not sanitized and is taken literally
| from the tar archive. This allows to execute shell commands via
| special crafted tar archives. Whether this really happens, depends
| on the shell being used ('shell' option, which is set using $SHELL).
| The issue has been fixed as of Vim patch v9.1.1164

If you fix the vulnerability, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-27423
    https://www.cve.org/CVERecord?id=CVE-2025-27423
[1] https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
[2] https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399

Regards,
Salvatore
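The advisory above says the plugin hands an archive member name, unsanitized, to the Ex ":read" command. In Vim, ":read !cmd" runs cmd through 'shell' instead of reading a file, and a filename argument is also subject to backtick expansion and the "|" command separator, so a member name carrying those characters is exactly the kind of input the report warns about. The following is an added example, not code from the Debian report or from the vim project: a small pre-flight check that scans a tar archive (compressed or not) for member names that would be unsafe to splice into ":read". The metacharacter set it flags is an assumption made for this check, not the plugin's own rule, and the sample archive is constructed inline.

```python
import io
import re
import tarfile

# Characters that give an Ex ":read" argument a meaning beyond "this file":
# a leading "!" runs the rest as a shell command (":read !cmd"), backticks
# trigger Vim's backtick expansion, and "|" terminates the Ex command.
# Treating any member name containing one of these as suspicious is a
# heuristic chosen for this example, not a check taken from tar.vim.
SUSPICIOUS = re.compile(r"^\s*!|[`|]")


def suspicious_entries(data: bytes) -> list[str]:
    """Return the names of tar members whose names would be unsafe in ':read'.

    'r:*' lets tarfile detect gzip/bzip2/xz compression, matching the
    plugin's support for compressed archives.
    """
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for member in tf.getmembers():
            if SUSPICIOUS.search(member.name):
                flagged.append(member.name)
    return flagged


def build_tar(entries) -> bytes:
    """Build an uncompressed tar in memory from (name, body) pairs.

    Used only to construct sample input for this example.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, body in entries:
            info = tarfile.TarInfo(name=name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed sample: one ordinary member and one whose name starts with "!",
# which ":read" would interpret as a shell command rather than a file name.
SAMPLE_ENTRIES = [
    ("notes/readme.txt", b"hello\n"),
    ("!echo pwned", b""),
]


if __name__ == "__main__":
    for name in suspicious_entries(build_tar(SAMPLE_ENTRIES)):
        print("suspicious entry:", name)
```

The check only looks at member names; it says nothing about whether a given Vim build is affected, so it is a triage aid for archives you are about to open, not a substitute for updating to a fixed vim package.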