Commit Graph

16 Commits

Author SHA1 Message Date
Zdenek Dohnal
6a0060b814 Fix CVE-2026-47167: Code Injection in cucumber filetype plugin
Backport upstream fix (commit a65a52d6) for CVE-2026-47167 to
vim 8.0.1763 on c8s. The patch replaces the unsafe
Kernel.eval('/'+pattern+'/') call in cucumber.vim with
Regexp.new(pattern), preventing Ruby code injection through
malicious step definition patterns.

Added Patch3059 with adaptations for vim 8.0: replaced
CheckFeature with has() guard and adjusted mkdir/cleanup
calls for compatibility.

CVE: CVE-2026-47167
Upstream patches:
 - a65a52d684.patch
Resolves: RHEL-185863

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-07-01 10:46:23 +02:00
RHEL Packaging Agent
158f6c1c71 Fix CVE-2026-46483: command injection in vim tar plugin
Backport upstream commit 3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1
to fix a command injection vulnerability (CVE-2026-46483) in
the vim tar plugin. The fix changes shellescape(tartail) to
shellescape(tartail, 1) in two places in the tar#Vimuntar()
function in runtime/autoload/tar.vim, ensuring proper shell
escaping when executing external commands via :! commands.

The patch was manually adapted for vim 8.0, omitting the
src/version.c hunk and the Vim9-based test file which are not
compatible with this version.

CVE: CVE-2026-46483
Upstream patches:
 - 3fb5e58fbc.patch
Resolves: RHEL-178234

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-06-03 11:05:34 +00:00
Zdenek Dohnal
ca75fea6d3 CVE-2026-41411 vim: Command injection via backticks in tag files
Resolves: RHEL-171485
2026-05-21 14:18:04 +02:00
Zdenek Dohnal
71ad3c53aa add comments describing changes from upstream in last 3 patches
Related: RHEL-170126
2026-05-21 11:45:24 +02:00
Zdenek Dohnal
b641db983e CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
Resolves: RHEL-170126
2026-05-20 15:21:28 +02:00
Zdenek Dohnal
f7d28fedc6 Related: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass 2026-04-17 14:40:45 +02:00
Zdenek Dohnal
6cd1353d0a Resolves: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass 2026-04-16 17:57:31 +02:00
pdancak
401ebe2ecf RHEL-155412 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
Resolves: RHEL-155412

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
2026-04-01 15:43:11 +02:00
pdancak
83b175fed1 RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
Resolves: RHEL-155428

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
2026-04-01 10:45:46 +02:00
pdancak
9254b79bcd RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
Resolves: RHEL-159620

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED
2026-03-31 14:10:48 +02:00
Zdenek Dohnal
07cd9103e4 RHEL-147935 CVE-2026-25749 vim: Heap Overflow in Vim
Resolves: RHEL-147935
2026-03-06 13:50:33 +01:00
Zdenek Dohnal
3761e410a8 Fix rpminspect issues
Related: RHEL-112003
2025-09-18 15:07:33 +02:00
Zdenek Dohnal
f9ed7bf51c RHEL-112007 CVE-2025-53906 vim: Vim path traversial
Resolves: RHEL-112007
2025-09-17 17:06:51 +02:00
Zdenek Dohnal
2d35eb4a78 RHEL-112003 CVE-2025-53905 vim: Vim path traversial
Resolves: RHEL-112003
2025-09-17 16:18:02 +02:00
Adam Samalik
00a251a9cc re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
CentOS Sources
6bb164562c Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00