Subject: vim security problem
To: None <>
From: Alan Post <>
List: tech-pkg
Date: 01/16/2003 16:37:18
The version of vim in pkgsrc (6.1) is vulnerable to a scripting attack
reminiscent of MS Office programs, javascript-enabled browsers, java
applets, and the like:

I just tried the attack out on my NetBSD 1.6 box; it worked just fine.

There are patches out to fix this, and FreeBSD ports is using them.
Strangely, though, the problem is not prominently mentioned on the site.