Just received update 1.47.1 linking to this issue, but it doesn't have details 😐
I updated the link. The MITRE copy is not yet updated.
The link currently just goes to this milestone (https://github.com/microsoft/vscode/milestone/128), is that expected?
Details in https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1416
That page is currently empty, so is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1416
However, if anyone is wondering, just google (_bing_?) the CVE number.
The milestone page is "empty," but if you click "closed" you'll see it. Probably should tweak the link to show closed issues.
Is there a commit/PR we can see fixing this bug? It's not super helpful to know a CVE existed if we can't verify that it was fixed properly.
@wwahammy It seems like the bug was in the closed source vscode-distro component: https://github.com/microsoft/vscode/compare/1.47.0...1.47.1.
Ah, so there's some proprietary software that VSCode uses that apparently does something which can lead to a security hole. We don't know what it does or how risky it is to run.
This is the kind of coding quality we get when corporations prioritize employee diversity over code quality
A thumbs down isn't enough on this one. There's zero tolerance for backwater attitude @mahen23. Reporting.