[ubuntu/resolute-security] vim 2:9.1.2141-1ubuntu4.2 (Accepted)
Kyle Kernick
kyle.kernick at canonical.com
Mon May 25 17:45:17 UTC 2026
vim (2:9.1.2141-1ubuntu4.2) resolute-security; urgency=medium

  * SECURITY UPDATE: Command injection in netrw plugin.
    - debian/patches/CVE-2026-42307.patch: Escape file names and harden regex
      patterns in runtime/pack/dist/opt/netrw/autoload/netrw.vim
    - CVE-2026-42307
  * SECURITY UPDATE: Shell execution in completion.
    - debian/patches/CVE-2026-44656.patch: Skip path entries containing
      backticks and add P_SECURE option in src/findfile.c and src/optiondefs.h
    - CVE-2026-44656
  * SECURITY UPDATE: Heap overflow in spellfile.
    - debian/patches/CVE-2026-45130.patch: Enforce a maximum compound length
      in src/spellfile.c
    - CVE-2026-45130

Date: 2026-05-21 21:41:35.521298+00:00
Changed-By: Kyle Kernick <kyle.kernick at canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:9.1.2141-1ubuntu4.2