RHEL Packaging Agent
158f6c1c71
Fix CVE-2026-46483: command injection in vim tar plugin
...
Backport upstream commit 3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1
to fix a command injection vulnerability (CVE-2026-46483) in
the vim tar plugin. The fix changes shellescape(tartail) to
shellescape(tartail, 1) in two places in the tar#Vimuntar()
function in runtime/autoload/tar.vim, ensuring proper shell
escaping when executing external commands via :! commands.
The patch was manually adapted for vim 8.0, omitting the
src/version.c hunk and the Vim9-based test file which are not
compatible with this version.
CVE: CVE-2026-46483
Upstream patches:
- 3fb5e58fbc .patch
Resolves: RHEL-178234
This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.
Assisted-by: Ymir
2026-06-03 11:05:34 +00:00
Zdenek Dohnal
ca75fea6d3
CVE-2026-41411 vim: Command injection via backticks in tag files
...
Resolves: RHEL-171485
2026-05-21 14:18:04 +02:00
Zdenek Dohnal
71ad3c53aa
add comments describing changes from upstream in last 3 patches
...
Related: RHEL-170126
2026-05-21 11:45:24 +02:00
Zdenek Dohnal
b641db983e
CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
...
Resolves: RHEL-170126
2026-05-20 15:21:28 +02:00
Zdenek Dohnal
f7d28fedc6
Related: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass
2026-04-17 14:40:45 +02:00
Zdenek Dohnal
6cd1353d0a
Resolves: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass
2026-04-16 17:57:31 +02:00
pdancak
401ebe2ecf
RHEL-155412 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
...
Resolves: RHEL-155412
rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
2026-04-01 15:43:11 +02:00
pdancak
83b175fed1
RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
...
Resolves: RHEL-155428
rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
2026-04-01 10:45:46 +02:00
pdancak
9254b79bcd
RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
...
Resolves: RHEL-159620
rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
2026-03-31 14:10:48 +02:00
Zdenek Dohnal
07cd9103e4
RHEL-147935 CVE-2026-25749 vim: Heap Overflow in Vim
...
Resolves: RHEL-147935
2026-03-06 13:50:33 +01:00
Zdenek Dohnal
3761e410a8
Fix rpminspect issues
...
Related: RHEL-112003
2025-09-18 15:07:33 +02:00
Zdenek Dohnal
f9ed7bf51c
RHEL-112007 CVE-2025-53906 vim: Vim path traversial
...
Resolves: RHEL-112007
2025-09-17 17:06:51 +02:00
Zdenek Dohnal
2d35eb4a78
RHEL-112003 CVE-2025-53905 vim: Vim path traversial
...
Resolves: RHEL-112003
2025-09-17 16:18:02 +02:00
František Hrdina
0f979e7ff2
Update location of fmf plans
2025-08-11 10:38:25 +02:00
František Hrdina
bc97b48860
Update fmf plans and gating.yaml
2024-10-31 12:11:25 +01:00
Adam Samalik
00a251a9cc
re-import sources as agreed with the maintainer
2023-07-11 11:52:53 +02:00
Troy Dawson
2380d15677
Bring gating.yaml over from Brew dist-git
...
Signed-off-by: Troy Dawson <tdawson@redhat.com>
2023-03-10 12:02:39 -08:00
CentOS Sources
6bb164562c
Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm
2022-06-16 06:32:53 +00:00
James Antill
57d09485b7
Initial c8s branch.
2022-05-26 15:48:02 -04:00