Did you get a CVE number for this? Would be handy to track if distros have rolled out a patch yet. Also I'd be interested in learning how you found this bug. It looks like the sort of thing that might be hard to get to if you were just fuzzing modelines.
Arbitrary code execution vulnerability in Vim < 8.1.1365 and Neovim < 0.3.6 via modelines. 
Also, why you should not use Vim with default config, or cat without -v. https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md …pic.twitter.com/QgOx7UWyYp
-
-
-
It got CVE-2019-12735. I had suspected the modeline "sandbox" didn't receive much attention, so it was just an afternoon of manually looking through the vim source and docs.
Kraj razgovora
Novi razgovor -
-
-
Which vim configurations should be set to improve security?
-
Heretofore I will now use: hexdump -C <file>
- Još 3 druga odgovora
Novi razgovor -
-
- Kraj razgovora
Novi razgovor -
-
I just started using Vim today.
- Kraj razgovora
Novi razgovor -
-
-
Wow. Just when I was considering re-enabling modelines too
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.