[ubuntu/questing-updates] vim 2:9.1.0967-1ubuntu6.5 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Mon May 25 18:28:47 UTC 2026


vim (2:9.1.0967-1ubuntu6.5) questing-security; urgency=medium

  * SECURITY UPDATE: Command injection in netrw plugin.
    - debian/patches/CVE-2026-42307.patch: Escape file names and harden regex
      patterns in runtime/autoload/netrw.vim
    - CVE-2026-42307
  * SECURITY UPDATE: Shell execution in completion.
    - debian/patches/CVE-2026-44656.patch: Skip path entries containing
      backticks and add P_SECURE option in src/findfile.c and src/optiondefs.h
    - CVE-2026-44656
  * SECURITY UPDATE: Heap overflow in spellfile.
    - debian/patches/CVE-2026-45130.patch: Enforce a maximum compound length
      in src/spellfile.c
    - CVE-2026-45130

Date: 2026-05-21 22:48:09.384467+00:00
Changed-By: Kyle Kernick <kyle.kernick at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:9.1.0967-1ubuntu6.5