ArchLinux: 201707-22: vim: arbitrary code execution
Summary
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file.
Resolution
Upgrade to 8.0.0722-1.
# pacman -Syu "vim>=8.0.0722-1"
The problem has been fixed upstream in version 8.0.0722.
References
https://bugs.archlinux.org/task/54773
https://bugzilla.redhat.com/show_bug.cgi?id=1468492
https://www.mail-archive.com/vim_dev%40googlegroups.com/msg45274.html
https://security.archlinux.org/CVE-2017-11109
Workaround
None.