Debian DSA-3722-1 : vim - security update
Medium Nessus Plugin ID 95264
SynopsisThe remote Debian host is missing a security-related update.
DescriptionFlorian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the 'filetype','syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
SolutionUpgrade the vim packages.
For the stable distribution (jessie), this problem has been fixed in version 2:7.4.488-7+deb8u1.