[ubuntu/questing-security] vim 2:9.1.0967-1ubuntu6.6 (Accepted)
Kyle Kernick
kyle.kernick at canonical.com
Tue Jun 9 16:59:38 UTC 2026
vim (2:9.1.0967-1ubuntu6.6) questing-security; urgency=medium
* SECURITY UPDATE: Command injection in tar plugin.
- debian/patches/CVE-2026-46483.patch: Use the correct shell-escape in
runtime/autoload/tar.vim.
- CVE-2026-46483
* SECURITY UPDATE: Code injection via mf command.
- debian/patches/CVE-2026-43961.patch: Avoid string concatenation for
filter commands in runtime/autoload/netrw.vim.
- CVE-2026-43961
Date: 2026-06-03 21:33:11.242807+00:00
Changed-By: Kyle Kernick <kyle.kernick at canonical.com>
https://launchpad.net/ubuntu/+source/vim/2:9.1.0967-1ubuntu6.6
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list