Release date:
2026-07-14 10:04:23 UTC
Description:
- CVE-2026-59858: escape the typeref field with escape(typename, '/\') before
interpolating it into the :vimgrep pattern in ccomplete.vim StructMembers(),
preventing arbitrary Ex command execution during C omni-completion when
reading a crafted tags file (runtime/autoload/ccomplete.vim, upstream vim
9.2.0735)
- CVE-2026-59856: quote the class name via string() before interpolating it
into the search() pattern executed by win_execute() in phpcomplete.vim
GetClassContentsStructure(), preventing potential command execution during
PHP omni-completion (runtime/autoload/phpcomplete.vim, upstream vim 9.2.0736)
Updated packages:
-
vim-X11-8.2.2637-22.el9_2.1.tuxcare.els38.x86_64.rpm
sha:06626b23fc3c72309562e2a0e284f1823e9aa80f9a86e31a2b2917e4914a3692
-
vim-common-8.2.2637-22.el9_2.1.tuxcare.els38.x86_64.rpm
sha:0ccad2b0a153aaf00052c9d88ff9a6a8189505a6a8b16e9ea0676c07e3a489f7
-
vim-enhanced-8.2.2637-22.el9_2.1.tuxcare.els38.x86_64.rpm
sha:7d2fdd2e1547b62ff2ccd7e0c50ccf9227ee3b6568ea56e968d5cc506530df1d
-
vim-filesystem-8.2.2637-22.el9_2.1.tuxcare.els38.noarch.rpm
sha:18841726615cd7e1101d96a85f8749f21970dcc6916f7ed5bb1a8c4a54b71efc
-
vim-minimal-8.2.2637-22.el9_2.1.tuxcare.els38.x86_64.rpm
sha:3cf49da2dab9d75c3d2cbb922a4c9f649284b06b39192bb245c886cb7da46a96
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.