Release date:
2026-07-14 13:47:11 UTC
Description:
* SECURITY UPDATE: Arbitrary Ex command execution during C omni-completion: the typeref/typename tag field is interpolated unescaped into the :vimgrep pattern in s:StructMembers() in runtime/autoload/ccomplete.vim, so a crafted tags file can close the search pattern and append an arbitrary Ex command when completing a struct/union member
- debian/patches/CVE-2026-59858.patch: wrap the type field with escape(typename, '/\') before inserting it into the :vimgrep pattern in s:StructMembers() so it can no longer close the search pattern and start a new Ex command
- CVE-2026-59858
Updated packages:
-
vim_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
sha:73a501155536742c333f395e06e7caf2907ac7d6
-
vim-athena_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
sha:29cdb0a119de149587f41c501ecbe0ae0868df30
-
vim-common_8.1.0875-5+deb10u6+tuxcare.els25_all.deb
sha:4c2720c6e4407cc55ec133fabed021b4b5e935aa
-
vim-doc_8.1.0875-5+deb10u6+tuxcare.els25_all.deb
sha:32e44fc7fc9ff8dd202ee6592443ff432ddc0ae1
-
vim-gtk_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
sha:cb899ecfb1a70173c9298e1f0da5289d8e54c179
-
vim-gtk3_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
sha:32220aa5dd8c860123066b4ea37226dbecf057fa
-
vim-gui-common_8.1.0875-5+deb10u6+tuxcare.els25_all.deb
sha:54a21d7289f28da38246e6bce4ef58b85180e711
-
vim-nox_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
sha:cf93fec0422d76f7f6e566d5ef2edc82c2ad3569
-
vim-runtime_8.1.0875-5+deb10u6+tuxcare.els25_all.deb
sha:143ee55e309973a94f05f9882150c74c1db5a68d
-
vim-tiny_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
sha:edc347aedb4b078af54f4414ea8b7767e8885a93
-
xxd_8.1.0875-5+deb10u6+tuxcare.els25_amd64.deb
sha:293edafb58c0a5910036e2d580b39bfb7858f3ef
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.