Release date:
2026-07-02 13:34:20 UTC
Description:
- CVE-2026-55693: bound the trie-descent depth counter against the
MAXWLEN-element stack arrays in tree_count_words() to prevent an
out-of-bounds write when reading a crafted spell file
(src/spellfile.c, upstream vim 9.2.0653)
- CVE-2026-55892: bound the trie-descent depth counter in dump_prefixes()
to prevent a stack out-of-bounds write with a crafted .spl spell file
(src/spell.c, upstream vim 9.2.0662)
- CVE-2026-57455: bound the single-byte SOFO result copy in
spell_soundfold_sofo() to MAXWLEN-1 to prevent a stack out-of-bounds
write when sound-folding long words (src/spell.c, upstream vim 9.2.0698)
- CVE-2026-57456: use repr() on reconstructed docstrings in the python3
omni-completion so a hostile buffer cannot break out of the
triple-quoted literal and execute arbitrary Python during completion
(runtime/autoload/python3complete.vim, upstream vim 9.2.0699)
Updated packages:
-
vim-X11-8.2.2637-22.el9_2.1.tuxcare.els37.x86_64.rpm
sha:d0856f5de2d10d54bc57e23840c663328072e6dbeac1c0dcd35f3fa53e6999d9
-
vim-common-8.2.2637-22.el9_2.1.tuxcare.els37.x86_64.rpm
sha:965f75630f734ea6a003de34430f22a768ef7b693916bea3dbd3b96aa02d6e70
-
vim-enhanced-8.2.2637-22.el9_2.1.tuxcare.els37.x86_64.rpm
sha:9f68b4708ba46d1fa108a65f1c2982d74b0e218a380c3112e18cb13efb0526db
-
vim-filesystem-8.2.2637-22.el9_2.1.tuxcare.els37.noarch.rpm
sha:593756ffacfd4abb4f829c158ade3726c28779570422b12c382b73597102aa65
-
vim-minimal-8.2.2637-22.el9_2.1.tuxcare.els37.x86_64.rpm
sha:f3e006de39e04458cdf786d3684022ed3a3e1a470bb6760cf8713c1c44b43a6b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.