Release date:
2026-07-14 09:51:51 UTC
Description:
- CVE-2026-59858: escape the typeref field with escape(typename, '/\') before
interpolating it into the :vimgrep pattern in ccomplete.vim StructMembers(),
preventing arbitrary Ex command execution during C omni-completion when
reading a crafted tags file (runtime/autoload/ccomplete.vim, upstream vim
9.2.0735)
- CVE-2026-59856: quote the class name via string() before interpolating it
into the search() pattern executed by win_execute() in phpcomplete.vim
GetClassContentsStructure(), preventing potential command execution during
PHP omni-completion (runtime/autoload/phpcomplete.vim, upstream vim 9.2.0736)
Updated packages:
-
vim-X11-8.2.2637-22.el9_6.1.tuxcare.els38.x86_64.rpm
sha:f2cffb23f13050ccd71884c3ec72163444b57540f15ea626076e91bf4af8275b
-
vim-common-8.2.2637-22.el9_6.1.tuxcare.els38.x86_64.rpm
sha:760b26eab1c5d2d16f52217892328510217ea6d61695624d6bec2332a26dc83f
-
vim-enhanced-8.2.2637-22.el9_6.1.tuxcare.els38.x86_64.rpm
sha:b033eec3565f284154ff993e43d033d370b6bfd947936c25d8f0100ba54a8a79
-
vim-filesystem-8.2.2637-22.el9_6.1.tuxcare.els38.noarch.rpm
sha:4a47d0bb55e4e9f2cf6386ca6bc1d3a0dc0a23a28ccd85828437f5ee04ff0758
-
vim-minimal-8.2.2637-22.el9_6.1.tuxcare.els38.x86_64.rpm
sha:82b9036cc8b32b20153f42cf921c97156128a0827f25e63f986a9be8107b3a36
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.