Release date:
2026-07-02 09:32:33 UTC
Description:
- CVE-2026-47167: use Ruby's Regexp.new() instead of Kernel.eval() in the
cucumber filetype plugin's s:stepmatch() so untrusted step-definition
patterns are treated as inert regex data, preventing Ruby (and shell)
code injection when jumping to a step in an attacker-controlled
repository (runtime/ftplugin/cucumber.vim, upstream vim 9.2.0496)
Updated packages:
-
vim-X11-8.2.2637-22.el9_2.1.tuxcare.els36.x86_64.rpm
sha:648f411da9e87c6df48d89f31d827dfa3aa254ae5b5bf3a98e53b96c988a88fe
-
vim-common-8.2.2637-22.el9_2.1.tuxcare.els36.x86_64.rpm
sha:cfad15caa0400ccc38652be73ed396fd0538138e017e9f40526d8b69486f57d4
-
vim-enhanced-8.2.2637-22.el9_2.1.tuxcare.els36.x86_64.rpm
sha:70a1897c9e2e9e35236bb87ec4a9010c913f002dae5e638759d6278a35a404e6
-
vim-filesystem-8.2.2637-22.el9_2.1.tuxcare.els36.noarch.rpm
sha:6a13d4aee4f4fcba275c8ecfc85c44acffe168b5f9b357157e651ababfe538f5
-
vim-minimal-8.2.2637-22.el9_2.1.tuxcare.els36.x86_64.rpm
sha:d64b80ccbc26df659374da0c81d95603972b93b3e500bc5e9776429d2ca560ac
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.