patch 9.1.1164: [security]: code execution with tar.vim and special crafted tar files Problem: editing a special crafted tar file allows code execution (RyotaK, after 129a8446d23cd9cb4445fcfea259cba5e0487d29) Solution: escape the filename before feeding it to the `:read` command Github Advisory: https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3 Signed-off-by: Christian Brabandt <cb@256bit.org>

commit: 334a13bff78aa0ad206bc436885f63e3a0bab399 [log] [tgz]
author: Christian Brabandt <cb@256bit.org> Sun Mar 02 19:33:51 2025 +0100
committer: Christian Brabandt <cb@256bit.org> Sun Mar 02 19:37:29 2025 +0100
tree: 42d042143f088a34d365a1fb41152802d6228d04
parent: 8872012e5fa48c94019967b0ce78dd6d0a1457bb [diff] [blame]
diff --git a/src/version.c b/src/version.c
index 25c2925..6fd80d6 100644
--- a/src/version.c
+++ b/src/version.c

@@ -705,6 +705,8 @@
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1164,
+/**/
     1163,
 /**/
     1162,
commit	334a13bff78aa0ad206bc436885f63e3a0bab399	[log] [tgz]
author	Christian Brabandt <cb@256bit.org>	Sun Mar 02 19:33:51 2025 +0100
committer	Christian Brabandt <cb@256bit.org>	Sun Mar 02 19:37:29 2025 +0100
tree	42d042143f088a34d365a1fb41152802d6228d04
parent	8872012e5fa48c94019967b0ce78dd6d0a1457bb [diff] [blame]