MacVim Sparkle update vulnerable to MitM?


Ivan Wang

Feb 10, 2016, 9:12:21 PM
to vim_mac
Hi all,

A quick check shows MacVim's autoupdate is done with the Sparkle framework at 1.13.0.

Given the recent turmoil over the Sparkle MitM proof of concept (see: https://sparkle-project.org/documentation/security/), is MacVim vulnerable?
MacVim up until Snapshot 96 is using a vulnerable version of Sparkle, but I'm not sure about http or https.

Thanks
Ivan.

Kazuki Sakamoto

Feb 10, 2016, 10:47:51 PM
to vim...@googlegroups.com
Hey Ivan,

Both URLs are https.

https://github.com/macvim-dev/macvim/blob/7a04d45bec06ce4fd52a7fa127993d98ed023583/src/MacVim/Info.plist#L1308-L1309

enclosure url
https://raw.githubusercontent.com/macvim-dev/macvim/gh-pages/appcast/latest.xml

Kazuki

Ivan Wang

Feb 12, 2016, 8:31:13 AM
to vim_mac
On Thursday, February 11, 2016 at 11:47:51 AM UTC+8, sakamoto wrote:
> Hey Ivan,
>
> Both URLs are https.
>
> https://github.com/macvim-dev/macvim/blob/7a04d45bec06ce4fd52a7fa127993d98ed023583/src/MacVim/Info.plist#L1308-L1309
>
> enclosure url
> https://raw.githubusercontent.com/macvim-dev/macvim/gh-pages/appcast/latest.xml
>
> Kazuki
>

Hi Kazuki san,

I really appreciate your quick and precise response.

Thanks a lot!
Ivan.
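
The check discussed in this thread (are the Sparkle feed URL in Info.plist and the enclosure URLs in the appcast both https?), written out as an added example that is not part of the original thread or of MacVim's code. `SUFeedURL` is Sparkle's Info.plist key for the feed; the sample plist, the sample appcast and the `example.invalid` host are constructed for illustration.

```python
import plistlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample inputs (not MacVim's real files): an Info.plist fragment
# with Sparkle's SUFeedURL key and a minimal appcast with two enclosures.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>SUFeedURL</key>
  <string>https://updates.example.invalid/appcast/latest.xml</string>
</dict></plist>"""

SAMPLE_APPCAST = b"""<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel>
  <item><enclosure url="https://updates.example.invalid/app-2.dmg" length="1"/></item>
  <item><enclosure url="http://updates.example.invalid/app-1.dmg" length="1"/></item>
</channel></rss>"""

def is_https(url):
    """True only for an absolute https:// URL that names a host."""
    parts = urlparse((url or "").strip())
    return parts.scheme.lower() == "https" and bool(parts.netloc)

def feed_url_from_plist(plist_bytes):
    """Return the SUFeedURL value from Info.plist bytes, or None if absent."""
    return plistlib.loads(plist_bytes).get("SUFeedURL")

def enclosure_urls(appcast_bytes):
    """Return the url attribute of every <enclosure> element in the appcast."""
    root = ET.fromstring(appcast_bytes)
    return [e.get("url") for e in root.iter("enclosure")]

def audit(plist_bytes, appcast_bytes):
    """List every update URL that is missing or is not HTTPS."""
    findings = []
    feed = feed_url_from_plist(plist_bytes)
    if not is_https(feed):
        findings.append(("SUFeedURL", feed))
    for url in enclosure_urls(appcast_bytes):
        if not is_https(url):
            findings.append(("enclosure", url))
    return findings

if __name__ == "__main__":
    for kind, url in audit(SAMPLE_PLIST, SAMPLE_APPCAST):
        print(f"NOT HTTPS: {kind}: {url}")
```

An empty result from `audit` means both the feed and every download it points to are fetched over https; the constructed appcast above deliberately contains one plain-http enclosure so the check has something to report.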
