vim 2:9.1.0967-1ubuntu6.1 source package in Ubuntu
Changelog
vim (2:9.1.0967-1ubuntu6.1) questing-security; urgency=medium
* SECURITY UPDATE: Buffer Overflow
- debian/patches/CVE-2026-26269.patch: Limit writing to max KEYBUFLEN
bytes to prevent writing out of bounds.
- debian/patches/CVE-2026-28420.patch: Use VTERM_MAX_CHARS_PER_CELL * 4
for ga_grow() to ensure sufficient space. Add a boundary check to the
character loop to prevent index out-of-bounds access.
- debian/patches/CVE-2026-28422.patch: Update the size check to account
for the byte length of the fill character (using MB_CHAR2LEN).
- debian/patches/CVE-2026-25749.patch: Limit strncpy to the length
of the buffer (MAXPATHL)
- CVE-2026-26269
- CVE-2026-28420
- CVE-2026-28422
- CVE-2026-25749
* SECURITY UPDATE: Command Injection
- debian/patches/CVE-2026-28417.patch: Implement stricter RFC1123
hostname and IP validation. Use shellescape() for the provided
hostname and port.
- CVE-2026-28417
* SECURITY UPDATE: Out of Bounds Read
- debian/patches/CVE-2026-28418.patch: Check for end of buffer
and return early.
- CVE-2026-28418
* SECURITY UPDATE: Buffer Underflow
- debian/patches/CVE-2026-28419.patch: Add a check to ensure the
delimiter (p_7f) is not at the start of the buffer (lbuf) before
attempting to isolate the tag name.
- CVE-2026-28419
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2026-28421.patch: Add bounds checks on
pe_page_count and pe_bnum against mf_blocknr_max before descending
into the block tree, and validate pe_old_lnum >= 1 and
pe_line_count > 0 before calling readfile().
- CVE-2026-28421
-- Bruce Cable <email address hidden> Tue, 10 Mar 2026 20:05:18 +1100
Upload details
- Uploaded by:
- Bruce Cable
- Uploaded to:
- Questing
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- editors
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| vim_9.1.0967.orig.tar.xz | 11.6 MiB | 45f4a66f9e5332cf7ff56e3939e6cf37201ed5f8a5f508882b4d744729125bcf |
| vim_9.1.0967-1ubuntu6.1.debian.tar.xz | 216.9 KiB | 1cfe83d5b0dfcffa9b9ce036b0e24d550379dd93626fa6b15253cd8425a25859 |
| vim_9.1.0967-1ubuntu6.1.dsc | 2.8 KiB | cb0cb18489c5b7cf4849f0569d63225243972db0407ae446b454292a10972023 |
Available diffs
Binary packages built by this source
- vim: Vi IMproved - enhanced vi editor
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with a rather
standard set of features. This package does not provide a GUI
version of Vim. See the other vim-* packages if you need more
(or less).
- vim-athena: Vi IMproved - enhanced vi editor (dummy package)
This is a transitional package to install the vim-motif package. You may
remove this package if nothing depends on it.
- vim-common: Vi IMproved - Common files
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains files shared by all non GUI-enabled vim variants
available in Debian. Examples of such shared files are: manpages and
configuration files.
- vim-dbgsym: debug symbols for vim
- vim-doc: Vi IMproved - HTML documentation
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains the HTML version of the online documentation. It is
built from the runtime/doc directory of the source tree.
- vim-gtk3: Vi IMproved - enhanced vi editor - with GTK3 GUI
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with a GTK3 GUI
and support for scripting with Lua, Perl, Python 3, Ruby, and Tcl.
- vim-gtk3-dbgsym: debug symbols for vim-gtk3
- vim-gui-common: Vi IMproved - Common GUI files
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains files shared by all GUI-enabled vim
variants available in Debian. Examples of such shared files are:
gvimtutor, icons, and desktop environments settings.
- vim-motif: Vi IMproved - enhanced vi editor - with Motif GUI
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with a Motif GUI
and support for scripting with Lua, Perl, Python 3, and Tcl.
- vim-motif-dbgsym: debug symbols for vim-motif
- vim-nox: Vi IMproved - enhanced vi editor - with scripting languages support
Vim is an almost compatible version of the UNIX editor Vi.
.
Many new features have been added: multi level undo, syntax
highlighting, command line history, on-line help, filename
completion, block operations, folding, Unicode support, etc.
.
This package contains a version of vim compiled with support for
scripting with Lua, Perl, Python 3, Ruby, and Tcl but no GUI.
- vim-nox-dbgsym: debug symbols for vim-nox
- vim-runtime: Vi IMproved - Runtime files
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains vimtutor and the architecture independent runtime
files, used, if available, by all vim variants available in Debian.
Example of such runtime files are: online documentation, rules for
language-specific syntax highlighting and indentation, color schemes,
and standard plugins.
- vim-tiny: Vi IMproved - enhanced vi editor - compact version
Vim is an almost compatible version of the UNIX editor Vi.
.
This package contains a minimal version of Vim compiled with no GUI and
a small subset of features. This package's sole purpose is to provide
the vi binary for base installations.
.
If a vim binary is wanted, try one of the following more featureful
packages: vim, vim-nox, vim-motif, or vim-gtk3.
- vim-tiny-dbgsym: debug symbols for vim-tiny
- xxd: tool to make (or reverse) a hex dump
xxd creates a hex dump of a given file or standard input. It can also convert
a hex dump back to its original binary form.
- xxd-dbgsym: debug symbols for xxd
