Package "vim"
| Name: |
vim
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- Vi IMproved - enhanced vi editor - with GTK3 GUI
- Vi IMproved - Common GUI files
- Vi IMproved - enhanced vi editor - with Motif GUI
- Vi IMproved - enhanced vi editor - with scripting languages support
|
| Latest version: |
2:9.1.2141-1ubuntu4.7 |
| Release: |
resolute (26.04) |
| Level: |
security |
| Repository: |
universe |
Links
Other versions of "vim" in Resolute
Packages in group
Deleted packages are displayed in grey.
Changelog
|
vim (2:9.1.2141-1ubuntu4.7) resolute-security; urgency=medium
* SECURITY UPDATE: Command execution in PHP omni-completion.
- debian/patches/CVE-2026-59856.patch: Quote the class name before
inserting it into the search() in runtime/autoload/phpcomplete.vim
- CVE-2026-59856
* SECURITY UPDATE: Stack out-of-bounds write in spell_soundfold_sal().
- debian/patches/CVE-2026-59857.patch: Bound the single-byte SAL result
writes in src/spell.c
- CVE-2026-59857
* SECURITY UPDATE: Arbitrary command execution during C omni-completion.
- debian/patches/CVE-2026-59858.patch: Escape the type field before
inserting it into pattern in runtime/autoload/ccomplete.vim
- CVE-2026-59858
-- Kyle Kernick <email address hidden> Mon, 13 Jul 2026 11:06:53 -0600
|
| Source diff to previous version |
| CVE-2026-59856 |
Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a |
| CVE-2026-59857 |
Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word |
| CVE-2026-59858 |
Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the t |
|
|
vim (2:9.1.2141-1ubuntu4.6) resolute-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds write.
- debian/patches/CVE-2026-55693.patch: only descend while
depth < MAXWLEN - 1 in src/spellfile.c.
- debian/patches/CVE-2026-55892.patch: only descend while
depth < MAXWLEN - 1 in src/spell.c.
- CVE-2026-55693
- CVE-2026-55892
* SECURITY UPDATE: Code injection in local file deletion.
- debian/patches/CVE-2026-55895.patch: Use fnameescape() to escape
file name in runtime/pack/dist/opt/netrw/autoload/netrw.vim.
- CVE-2026-55895
* SECURITY UPDATE: Out-of-bounds read with sodium encrypted files.
- debian/patches/CVE-2026-57452.patch: Verify that there is enough space
before function call in src/crypt.c.
- CVE-2026-57452
* SECURITY UPDATE: Powershell code execution in zip.vim.
- debian/patches/CVE-2026-57453.patch: Escape powershell code in
runtime/autoload/zip.vim.
- CVE-2026-57453
* SECURITY UPDATE: Out-of-bounds write with soundfold().
- debian/patches/CVE-2026-57455.patch: Add an abort condition to validate
buffer in src/spell.c.
- CVE-2026-57455
* SECURITY UPDATE: Code execution with python complete.
- debian/patches/CVE-2026-57456.patch: Use repr() to quote the doc strings
in runtime/autoload/python3complete.vim and ../pythoncomplete.vim.
- CVE-2026-57456
-- Kyle Kernick <email address hidden> Tue, 30 Jun 2026 11:00:04 -0600
|
| Source diff to previous version |
| CVE-2026-55693 |
Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields |
| CVE-2026-55892 |
Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iterat |
| CVE-2026-55895 |
Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the ne |
| CVE-2026-57452 |
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xch |
| CVE-2026-57453 |
Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell |
| CVE-2026-57455 |
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word |
| CVE-2026-57456 |
Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy |
|
|
vim (2:9.1.2141-1ubuntu4.5) resolute-security; urgency=medium
* debian/patches/0005-skip-autocmd-test-failing-on-arm64.patch
- Skip tests failing on arm64
-- Kyle Kernick <email address hidden> Wed, 17 Jun 2026 09:37:36 -0600
|
| Source diff to previous version |
|
vim (2:9.1.2141-1ubuntu4.3) resolute-security; urgency=medium
* SECURITY UPDATE: Command injection in tar plugin.
- debian/patches/CVE-2026-46483.patch: Use the correct shell-escape in
runtime/autoload/tar.vim.
- CVE-2026-46483
* SECURITY UPDATE: Code injection via mf command.
- debian/patches/CVE-2026-43961.patch: Avoid string concatenation for
filter commands in runtime/pack/dist/opt/netrw/autoload/netrw.vim.
- CVE-2026-43961
-- Kyle Kernick <email address hidden> Tue, 02 Jun 2026 15:57:23 -0600
|
| Source diff to previous version |
| CVE-2026-46483 |
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/ta |
|
|
vim (2:9.1.2141-1ubuntu4.2) resolute-security; urgency=medium
* SECURITY UPDATE: Command injection in netrw plugin.
- debian/patches/CVE-2026-42307.patch: Escape file names and harden regex
patterns in runtime/pack/dist/opt/netrw/autoload/netrw.vim
- CVE-2026-42307
* SECURITY UPDATE: Shell execution in completion.
- debian/patches/CVE-2026-44656.patch: Skip path entries containing
backticks and add P_SECURE option in src/findfile.c and src/optiondefs.h
- CVE-2026-44656
* SECURITY UPDATE: Heap overflow in spellfile.
- debian/patches/CVE-2026-45130.patch: Enforce a maximum compound length
in src/spellfile.c
- CVE-2026-45130
-- Kyle Kernick <email address hidden> Wed, 20 May 2026 13:11:32 -0600
|
| CVE-2026-42307 |
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin |
| CVE-2026-44656 |
Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line |
| CVE-2026-45130 |
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when |
|
About
-
Send Feedback to @ubuntu_updates