Release date:
2026-06-30 09:09:52 UTC
Description:
* SECURITY UPDATE: out-of-bounds write parsing a crafted spell file:
tree_count_words() and sug_filltree() descended the word trie without
bounding the recursion depth, so a deeply nested trie wrote past the
ends of their MAXWLEN-sized arridx[], curi[] and wordcount[] arrays.
- debian/patches/CVE-2026-55693.patch: only descend while
depth < MAXWLEN - 1 in both trie walkers, in src/spell.c; matches
upstream patch 9.2.0653.
- CVE-2026-55693
* SECURITY UPDATE: stack out-of-bounds write in dump_prefixes() when
dumping spell prefixes (:spelldump): the word trie was descended
without bounding the recursion depth, overflowing the MAXWLEN-sized
prefix[], arridx[] and curi[] arrays.
- debian/patches/CVE-2026-55892.patch: only descend while
depth < MAXWLEN - 1, in src/spell.c; matches upstream patch
9.2.0662.
- CVE-2026-55892
* SECURITY UPDATE: out-of-bounds write in soundfold(): the single-byte
branch of spell_soundfold_sofo() wrote one result byte per input byte
into the MAXWLEN-sized res[] buffer with no bound, so a long word
overflowed it.
- debian/patches/CVE-2026-57455.patch: stop the translation loop once
ri reaches MAXWLEN - 1, in src/spell.c; matches upstream patch
9.2.0698.
- CVE-2026-57455
* SECURITY UPDATE: arbitrary code execution in the python and python3
omni-completion plugins: reconstructed class/function definitions ran
through exec() embedded buffer-supplied docstrings inside a triple-
quoted Python string literal, so a docstring containing a closing
triple-quote broke out of the literal and executed attacker code.
- debian/patches/CVE-2026-57456.patch: quote docstrings with repr()
instead of triple-quoting, in runtime/autoload/python3complete.vim
and pythoncomplete.vim; matches upstream patch 9.2.0699.
- CVE-2026-57456
Updated packages:
-
vim_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:dcc06394be20d1504cbc0e8a1b8c0268ec72de7d
-
vim-athena_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:d76b058106e24765f34cde47cbeb2fbc4731aea4
-
vim-athena-py2_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:f1916391d0a48949702d7f58b2449914a95e134d
-
vim-common_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:0a329e387d81cad9e361ba1f7db0c94f2d92f93d
-
vim-doc_7.4.1689-3ubuntu1.5+tuxcare.els70_all.deb
sha:2ccd28644b6e5dd53440e9384a4f920012fd8c6e
-
vim-gnome_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:12c4dcbd949eda2aa230226198e43cc4ee549380
-
vim-gnome-py2_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:b6b0fe9573062903560e74f6967fd6a88e5e687b
-
vim-gtk_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:87c2c356e10313b42ca8123138056dc4a461b0ba
-
vim-gtk-py2_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:e1d197d7ae581294a84abf42c687855ed7507f8a
-
vim-gtk3_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:549d5004d4a9df48a693443f75c575c82857d237
-
vim-gtk3-py2_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:655c0527bc3d08782f113870438da259cb4587c5
-
vim-gui-common_7.4.1689-3ubuntu1.5+tuxcare.els70_all.deb
sha:a8e4d16266866be200f705c691bec5df6680b7e1
-
vim-nox_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:0283345e5e0b1508a7e80fa466704f3727f6a358
-
vim-nox-py2_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:a18078c0d8e7e5262da014c8e039c1922900b619
-
vim-runtime_7.4.1689-3ubuntu1.5+tuxcare.els70_all.deb
sha:db361ce266b8e2cf75df786531d5761b3fb73dd4
-
vim-tiny_7.4.1689-3ubuntu1.5+tuxcare.els70_amd64.deb
sha:42e35b42f853917936dc051a1faa08c98a0c42c1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.