[CLSA-2026:1784036814] Fix CVE(s): CVE-2026-59858
Type:
security
Severity:
Important
Release date:
2026-07-14 13:47:11 UTC
Description:
* SECURITY UPDATE: Arbitrary Ex command execution during C omni-completion: the typeref/typename tag field is interpolated unescaped into the :vimgrep pattern in s:StructMembers() in runtime/autoload/ccomplete.vim, so a crafted tags file can close the search pattern and append an arbitrary Ex command when completing a struct/union member - debian/patches/CVE-2026-59858.patch: wrap the type field with escape(typename, '/\') before inserting it into the :vimgrep pattern in s:StructMembers() so it can no longer close the search pattern and start a new Ex command - CVE-2026-59858
CVEs fixed:
Updated packages:
  • vim_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
    sha:73a501155536742c333f395e06e7caf2907ac7d6
  • vim-athena_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
    sha:29cdb0a119de149587f41c501ecbe0ae0868df30
  • vim-common_8.1.0875-5+deb10u6+tuxcare.els25_all.deb
    sha:4c2720c6e4407cc55ec133fabed021b4b5e935aa
  • vim-doc_8.1.0875-5+deb10u6+tuxcare.els25_all.deb
    sha:32e44fc7fc9ff8dd202ee6592443ff432ddc0ae1
  • vim-gtk_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
    sha:cb899ecfb1a70173c9298e1f0da5289d8e54c179
  • vim-gtk3_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
    sha:32220aa5dd8c860123066b4ea37226dbecf057fa
  • vim-gui-common_8.1.0875-5+deb10u6+tuxcare.els25_all.deb
    sha:54a21d7289f28da38246e6bce4ef58b85180e711
  • vim-nox_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
    sha:cf93fec0422d76f7f6e566d5ef2edc82c2ad3569
  • vim-runtime_8.1.0875-5+deb10u6+tuxcare.els25_all.deb
    sha:143ee55e309973a94f05f9882150c74c1db5a68d
  • vim-tiny_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
    sha:edc347aedb4b078af54f4414ea8b7767e8885a93
  • xxd_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
    sha:293edafb58c0a5910036e2d580b39bfb7858f3ef
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.