Package "vim-tiny"
| Name: |
vim-tiny
|
Description: |
Vi IMproved - enhanced vi editor - compact version
|
| Latest version: |
2:9.1.2141-1ubuntu4.1 |
| Release: |
resolute (26.04) |
| Level: |
security |
| Repository: |
main |
| Head package: |
vim |
| Homepage: |
https://www.vim.org/ |
Links
Download "vim-tiny"
Other versions of "vim-tiny" in Resolute
Changelog
|
vim (2:9.1.2141-1ubuntu4.1) resolute-security; urgency=medium
* SECURITY UPDATE: Path Traversal in zip.vim
- debian/patches/CVE-2026-35177.patch: Detect malicious zip files before
writing in runtime/autoload/zip.vim
- CVE-2026-35177
* SECURITY UPDATE: Command Injection in netbeans
- debian/patches/CVE-2026-39881.patch: Validate typename, fg, and bg
before passing to coloncmd in src/netbeans.c
- CVE-2026-39881
* SECURITY UPDATE: Command injection via backtick expansion in tag files
- debian/patches/CVE-2026-41411.patch: Disallow backticks before attempting
to expand filenames
- CVE-2026-41411
-- Federico Quattrin <email address hidden> Wed, 06 May 2026 13:49:47 -0300
|
| CVE-2026-35177 |
Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary f |
| CVE-2026-39881 |
Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious |
| CVE-2026-41411 |
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resol |
|
About
-
Send Feedback to @ubuntu_updates
