PublicArchive/vim
2
0
Fork 0
mirror of https://github.com/vim/vim.git synced 2026-05-06 12:26:58 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
v9.2.0435
vim/runtime
T
History
Christian Brabandt 190cb3c2b9 patch 9.2.0435: [security]: backticks in 'path' may cause shell execution on completion 
Problem:  [security]: Backticks enclosed shell commands in the 'path'
          option value are executed during completion (q1uf3ng).
Solution: Skip path entries containing backticks, add P_SECURE to 'path'
          option, so that it cannot be set from a modeline (for symmetry with
          the 'cdpath' option)

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg

Supported by AI.

Signed-off-by: Christian Brabandt <cb@256bit.org>
2026-05-03 18:17:02 +00:00
..
autoload
patch 9.2.0421: vimball: can smuggle Vimscript into VimballRecord file
2026-04-29 20:36:14 +00:00
bitmaps
colors
compiler
patch 9.2.0225: runtime(compiler): No compiler plugin for just
2026-03-22 16:46:41 +00:00
doc
patch 9.2.0435: [security]: backticks in 'path' may cause shell execution on completion
2026-05-03 18:17:02 +00:00
ftplugin
runtime(help): fix wrong check for existing HelpComplete function
2026-04-26 14:36:23 +00:00
icons
import/dist
indent
runtime(handlebars): adds handlebars template syntax & indent support
2026-03-05 20:06:02 +00:00
keymap
lang
macros
pack/dist/opt
patch 9.2.0383: [security]: runtime(netrw): shell-injection via sftp: and file: URLs
2026-04-21 19:08:05 +00:00
plugin
runtime(manpager): use \x07 instead of \a for BEL in OSC 8 regex
2026-03-24 19:48:44 +00:00
print
spell
syntax
runtime(algol68): Update syntax file, match symbolic identity relators
2026-05-01 16:35:57 +00:00
tools
runtime(preproc_indent): Ignore Swapfiles when loading buffers
2026-04-02 17:53:30 +00:00
tutor
bugreport.vim
defaults.vim
delmenu.vim
doc.info
evim.vim
filetype.vim
patch 9.2.0371: filetype: ghostty config files are not recognized
2026-04-20 14:50:37 +00:00
ftoff.vim
ftplugin.vim
ftplugof.vim
gvim.desktop
translation: Regenerate desktop files in runtime directory
2026-03-22 16:27:43 +00:00
gvimrc_example.vim
hi16-action-make.png
hi22-action-make.png
icons.info
indent.vim
indoff.vim
macmap.vim
macros.info
makemenu.vim
menu.vim
mswin.vim
optwin.vim
runtime(doc): fix incorrect description of 'scrolloffpad'
2026-04-21 19:34:18 +00:00
scripts.vim
synmenu.vim
termcap
tools.info
tutor.info
vim16x16_png.h
patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
2026-03-08 20:10:03 +00:00
vim16x16.gif
vim16x16.png
vim16x16.xpm
vim32x32_png.h
patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
2026-03-08 20:10:03 +00:00
vim32x32.gif
vim32x32.png
vim32x32.xpm
vim48x48_png.h
patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
2026-03-08 20:10:03 +00:00
vim48x48.gif
vim48x48.png
vim48x48.xpm
vim.desktop
translation: Regenerate desktop files in runtime directory
2026-03-22 16:27:43 +00:00
vimlogo.cdr
vimlogo.eps
vimlogo.gif
vimlogo.pdf
vimlogo.svg
vimlogo.xpm
vimrc_example.vim
xdg.vim