[CLSA-2026:1778009078] vim: Fix of 5 CVEs
Type:
security
Severity:
Important
Release date:
2026-05-06 11:47:52 UTC
Description:
- CVE-2022-2125: fix out-of-bounds read in get_lisp_indent(); break out of the inner loop on NUL byte (indent.c, upstream patch 8.2.5122)
- CVE-2021-3974: fix use-after-free in nfa_regmatch() when a substitute callback frees the regline during a mark comparison; save col and re-fetch rex.line via reg_getline() after getmark_buf() (regexp.c + regexp_nfa.c, upstream patch 8.2.3612)
- CVE-2022-2206: fix OOB read after terminal resize lowers Rows below cmdline_row / msg_row; clamp both to Rows - 1 in check_shellsize() (term.c, upstream patch 8.2.5160)
- CVE-2022-2946: fix use-after-free in do_tag() when 'tagfunc' deletes the buffer; make a vim_strsave copy of the tagstack tagname before calling user code (tag.c, upstream patch 9.0.0246)
- CVE-2022-2286: fix heap-buffer-overflow in the Ctrl-E completion-stop path when the completion leader shrinks below the original text; bounds-check compl_len against replacement string length before ins_bytes_len() (insexpand.c, upstream patch 9.0.0020)
Updated packages:
  • vim-X11-8.2.2637-22.el9_2.1.tuxcare.els22.x86_64.rpm
    sha:4e2e309674eda52f5ed343d156ac018eb2abb7aefa07a7e2878e4871be80a7cf
  • vim-common-8.2.2637-22.el9_2.1.tuxcare.els22.x86_64.rpm
    sha:54de019222e7edd5bd51cea2c5fba5586a9bc54a37f6c042851deec7edb9c66b
  • vim-enhanced-8.2.2637-22.el9_2.1.tuxcare.els22.x86_64.rpm
    sha:8d8da9c331123bbf6630dec2c530ad2c56dce45541a81026588f738a9c48f3a3
  • vim-filesystem-8.2.2637-22.el9_2.1.tuxcare.els22.noarch.rpm
    sha:d4e53e88785042c00f7c22a8c77923eaff3414be81c0c67fa274600783512bfe
  • vim-minimal-8.2.2637-22.el9_2.1.tuxcare.els22.x86_64.rpm
    sha:447c1fb0a55a6f43076ae369e908895f511b726d15131143624baf53780d74fb
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.