[ASA-201707-22] vim: arbitrary code execution
Arch Linux Security Advisory ASA-201707-22
==========================================

Severity: High
Date    : 2017-07-18
CVE-ID  : CVE-2017-11109
Package : vim
Type    : arbitrary code execution
Remote  : No
Link    :

Summary
=======

The package vim before version 8.0.0722-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 8.0.0722-1.

# pacman -Syu "vim>=8.0.0722-1"

The problem has been fixed upstream in version 8.0.0722.

Workaround
==========

None.

Description
===========

Vim 8.0 allows attackers to cause a denial of service (invalid free) or
possibly have unspecified other impact via a crafted source (aka -S)
file.

Impact
======

An attacker is able to execute arbitrary code by tricking a user into
locally executing a specially crafted vim source file.

References
==========