Release date:
2026-06-23 13:55:22 UTC
Description:
- CVE-2026-47167: use Ruby's Regexp.new() instead of Kernel.eval() in the
cucumber filetype plugin's s:stepmatch() so untrusted step-definition
patterns are treated as inert regex data, preventing Ruby (and shell)
code injection when jumping to a step in an attacker-controlled
repository (runtime/ftplugin/cucumber.vim, upstream vim 9.2.0496)
Updated packages:
-
vim-X11-8.2.2637-22.el9_6.1.tuxcare.els36.x86_64.rpm
sha:5f967c899a4d780c765ac4ac0a4f7b51c435d87fd95acb8a87b09665d5ae74db
-
vim-common-8.2.2637-22.el9_6.1.tuxcare.els36.x86_64.rpm
sha:2851483a30d492385dfad1953cedfa6c31f689e2890dfaf70a6a51e931f98d2a
-
vim-enhanced-8.2.2637-22.el9_6.1.tuxcare.els36.x86_64.rpm
sha:5f35f992a44021355d40bdf2897158404faba1740d446ae4e61b49aa1736cad4
-
vim-filesystem-8.2.2637-22.el9_6.1.tuxcare.els36.noarch.rpm
sha:70f33c44971113748ac4d90a393e5c199f43a4ba92dfd0c0792ba2aeaa414935
-
vim-minimal-8.2.2637-22.el9_6.1.tuxcare.els36.x86_64.rpm
sha:ae6a2d82af30f9efeb257338722bf7c97a317163d5d1495c958696b553c02f0d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.