Release date:
2026-06-30 13:41:33 UTC
Description:
- CVE-2026-55693: bound the trie-descent depth counter against the
MAXWLEN-element stack arrays in tree_count_words() to prevent an
out-of-bounds write when reading a crafted spell file
(src/spellfile.c, upstream vim 9.2.0653)
- CVE-2026-55892: bound the trie-descent depth counter in dump_prefixes()
to prevent a stack out-of-bounds write with a crafted .spl spell file
(src/spell.c, upstream vim 9.2.0662)
- CVE-2026-57455: bound the single-byte SOFO result copy in
spell_soundfold_sofo() to MAXWLEN-1 to prevent a stack out-of-bounds
write when sound-folding long words (src/spell.c, upstream vim 9.2.0698)
- CVE-2026-57456: use repr() on reconstructed docstrings in the python3
omni-completion so a hostile buffer cannot break out of the
triple-quoted literal and execute arbitrary Python during completion
(runtime/autoload/python3complete.vim, upstream vim 9.2.0699)
Updated packages:
-
vim-X11-8.2.2637-22.el9_6.1.tuxcare.els37.x86_64.rpm
sha:5183c02b2198c4dae4c94d4fbf6d71fdc9c68f962c97c8dc8b0137869c2d4a72
-
vim-common-8.2.2637-22.el9_6.1.tuxcare.els37.x86_64.rpm
sha:c39bd8e1c8925a2a13137ac22419794e18e2fe808e67c0925ec3046c64bf313a
-
vim-enhanced-8.2.2637-22.el9_6.1.tuxcare.els37.x86_64.rpm
sha:1dcc486dbf02d2c81cd45e778c7fabb15a79239199df26e9bf96a49a83e8c13e
-
vim-filesystem-8.2.2637-22.el9_6.1.tuxcare.els37.noarch.rpm
sha:43b74ad42f5521bb4bcaa4f10d74e5f165288c9018e6303639b6547ed198305c
-
vim-minimal-8.2.2637-22.el9_6.1.tuxcare.els37.x86_64.rpm
sha:caa355a7afd707d1b1fea68b46229f5ead9037b3b49834ebcbdbd1d750c4f184
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.