The VIM editor
Go to file
RHEL Packaging Agent 9aca0db7e7 Fix CVE-2026-47162: netrw code injection via NetrwBookHistSave()
Backport upstream fix for CVE-2026-47162 which addresses a code
injection vulnerability in the netrw plugin's
NetrwBookHistSave() function. The fix uses string() to properly
quote directory names written to the netrw history file,
preventing malicious directory names from executing arbitrary
Vim commands when the history is sourced.

The patch was adapted from upstream commit f08ab2f4d7d2 for
vim 8.0: adjusted file path to runtime/autoload/netrw.vim,
adapted the setline() call to the downstream loop pattern,
and created a minimal test file for the injection scenario.

CVE: CVE-2026-47162
Upstream patches:
 - f08ab2f4d7.patch
Resolves: RHEL-186656

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-07-01 16:14:58 +02:00
.fmf Update fmf plans and gating.yaml 2024-10-31 12:11:25 +01:00
.gitignore re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
7.4.899 re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
0001-patch-8.1.0881-can-execute-shell-commands-in-rvim-th.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.1.1365-source-command-doesn-t-check-for-the-.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.1.1366-using-expressions-in-modeline-is-unsafe.patch Related: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass 2026-04-17 14:40:45 +02:00
0001-patch-8.1.1401-misspelled-mkspellmem.patch Resolves: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass 2026-04-16 17:57:31 +02:00
0001-patch-8.2.3487-illegal-memory-access-if-buffer-name-.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.3625-illegal-memory-access-when-C-indentin.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.3669-buffer-overflow-with-long-help-argume.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.3949-using-freed-memory-with-V.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.3950-going-beyond-the-end-of-the-line-with.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.4120-block-insert-goes-over-the-end-of-the.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.4151-reading-beyond-the-end-of-a-line.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.4214-illegal-memory-access-with-large-tabs.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.4215-illegal-memory-access-when-copying-li.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.4218-illegal-memory-access-with-bracketed-.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.4253-using-freed-memory-when-substitute-wi.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.4646-using-buffer-line-after-it-has-been-f.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.4919-can-add-invalid-bytes-with-spellgood.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.4925-trailing-backslash-may-cause-reading-.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.4977-memory-access-error-when-substitute-e.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.5023-substitute-overwrites-allocated-buffe.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-8.2.5037-cursor-position-may-be-invalid-after-.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
0001-patch-9.0.1477-crash-when-recovering-from-corrupted-.patch RHEL-155412 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file 2026-04-01 15:43:11 +02:00
0001-patch-9.1.1551-security-path-traversal-issue-in-zip..patch RHEL-112007 CVE-2025-53906 vim: Vim path traversial 2025-09-17 17:06:51 +02:00
0001-patch-9.1.1552-security-path-traversal-issue-in-tar..patch RHEL-112003 CVE-2025-53905 vim: Vim path traversial 2025-09-17 16:18:02 +02:00
0001-patch-9.1.2132-security-buffer-overflow-in-helpfile-.patch RHEL-147935 CVE-2026-25749 vim: Heap Overflow in Vim 2026-03-06 13:50:33 +01:00
0001-patch-9.1.2133-Another-case-of-buffer-overflow-with-.patch RHEL-147935 CVE-2026-25749 vim: Heap Overflow in Vim 2026-03-06 13:50:33 +01:00
0001-patch-9.2.0073-security-possible-command-injection-u.patch RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin 2026-04-01 10:45:46 +02:00
0001-patch-9.2.0077-security-Crash-when-recovering-a-corr.patch RHEL-155412 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file 2026-04-01 15:43:11 +02:00
0001-patch-9.2.0089-netrw-does-not-take-port-into-account.patch RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin 2026-04-01 10:45:46 +02:00
0001-patch-9.2.0202-security-command-injection-via-newlin.patch RHEL-159620 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function 2026-03-31 14:10:48 +02:00
0001-patch-9.2.0276-security-modeline-security-bypass.patch Resolves: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass 2026-04-16 17:57:31 +02:00
0001-patch-9.2.0277-tests-test_modeline.vim-fails.patch Resolves: RHEL-164956 vim: arbitrary command execution via modeline sandbox bypass 2026-04-16 17:57:31 +02:00
0001-patch-9.2.0280-security-path-traversal-issue-in-zip.patch CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass 2026-05-20 15:21:28 +02:00
0001-patch-9.2.0299-zip-may-write-using-absolute-paths.patch CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass 2026-05-20 15:21:28 +02:00
0001-patch-9.2.0304-zip-block-absolute-paths-in-Extract.patch CVE-2026-35177 vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass 2026-05-20 15:21:28 +02:00
0001-patch-9.2.0357-security-command-injection-via-backti.patch CVE-2026-41411 vim: Command injection via backticks in tag files 2026-05-21 14:18:04 +02:00
0001-patch-9.2.0479-security-runtime-tar-command-injecti.patch Fix CVE-2026-46483: command injection in vim tar plugin 2026-06-03 11:05:34 +00:00
0001-patch-9.2.0495-security-runtime-netrw-code-injection.patch Fix CVE-2026-47162: netrw code injection via NetrwBookHistSave() 2026-07-01 16:14:58 +02:00
0001-patch-9.2.0496-security-Code-Injection-in-cucumber-f.patch Fix CVE-2026-47167: Code Injection in cucumber filetype plugin 2026-07-01 10:46:23 +02:00
0001-runtime-netrw-upstream-snapshot-of-v179.patch RHEL-155428 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin 2026-04-01 10:45:46 +02:00
Changelog.rpm Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
ci.fmf Update fmf plans and gating.yaml 2024-10-31 12:11:25 +01:00
ftplugin-spec.vim re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
gating.yaml Update fmf plans and gating.yaml 2024-10-31 12:11:25 +01:00
gvim16.png re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
gvim32.png re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
gvim48.png re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
gvim64.png re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
gvim.desktop re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
macros.vim Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
plans.fmf Update location of fmf plans 2025-08-11 10:38:25 +02:00
sources re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
spec-template Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
spec-template.new Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
syntax-spec.vim re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
vi_help.txt re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
vim-7.0-fixkeys.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.0-hunspell.patch re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
vim-7.0-rclocation.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.0-specedit.patch re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
vim-7.3-manpage-typo-668894-675480.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.4-checkhl.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.4-fstabsyntax.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.4-globalsyntax.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.4-licensemacro-1151450.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.4-nowarnings.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.4-releasestring-1318991.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.4-specsyntax.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.4-syncolor.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-7.4-syntax.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-8.0-copy-paste.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-8.0-rhbz1365258.patch re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
vim-covscan.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-crypto-warning.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-cve3778-fix.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-cve3796.patch re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00
vim-manpagefixes-948566.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim-python3-tests.patch Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim.csh Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim.sh Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
vim.spec Fix CVE-2026-47162: netrw code injection via NetrwBookHistSave() 2026-07-01 16:14:58 +02:00
vimrc Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
virc Auto sync2gitlab import of vim-8.0.1763-19.el8_6.4.src.rpm 2022-06-16 06:32:53 +00:00
zip.vim re-import sources as agreed with the maintainer 2023-07-11 11:52:53 +02:00