Release date:
2026-07-01 15:34:37 UTC
Description:
* SECURITY UPDATE: Stack out-of-bounds write in dump_prefixes() in src/spell.c during :spelldump when a crafted spell file containing a self-referential BY_INDEX node in the prefix tree drives the descent depth past the MAXWLEN-sized prefix[]/arridx[]/curi[] stack arrays
- debian/patches/CVE-2026-55892.patch: bound the prefix-tree descent in dump_prefixes() with "else if (depth < MAXWLEN - 1)" so the depth index cannot exceed the MAXWLEN-sized stack arrays
- CVE-2026-55892
Updated packages:
-
vim_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
sha:c4acb64221f9369f00ecde3ab94bb85f12a20050
-
vim-athena_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
sha:e6f6f1574aaad9c6b83770a2c0d1f3f593d10092
-
vim-common_8.1.0875-5+deb10u6+tuxcare.els24_all.deb
sha:3edce2737f1e846c27b44bcaa9b2b2c293da4195
-
vim-doc_8.1.0875-5+deb10u6+tuxcare.els24_all.deb
sha:14ba827ead7d1c46ac1bf6a39de46a3dfe202c8e
-
vim-gtk_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
sha:6600eb6a598399bc97b6bb258eef7158ec397b6d
-
vim-gtk3_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
sha:7b7bf89276649968263cc32cd976201afc56c201
-
vim-gui-common_8.1.0875-5+deb10u6+tuxcare.els24_all.deb
sha:e1dffc82017ac170d63a4a487293682ef0954857
-
vim-nox_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
sha:15ee34282fc9493e36c09f00058ec91df887bf52
-
vim-runtime_8.1.0875-5+deb10u6+tuxcare.els24_all.deb
sha:7e8fb32ae636da23740e0a39d9a3e97e10302324
-
vim-tiny_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
sha:714e2ecf89f639aba2c0fabe2aa291e0660211e7
-
xxd_8.1.0875-5+deb10u6+tuxcare.els24_amd64.deb
sha:3f8b36c5f0c3f22785311c7a85cb687d99e59996
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.