File _patchinfo of Package patchinfo.40300
<patchinfo incident="40300"> <issue tracker="bnc" id="1246602">VUL-0: CVE-2025-53906: vim: malicious zip archive may cause a path traversal in Vim’s zip</issue> <issue tracker="bnc" id="1247939">VUL-0: CVE-2025-55158: vim: double-free in internal typed value (typval_T) management</issue> <issue tracker="bnc" id="1246604">VUL-0: CVE-2025-53905: vim: malicious tar archive may cause a path traversal in Vim’s tar.vim plugin</issue> <issue tracker="bnc" id="1247938">VUL-0: CVE-2025-55157: vim: use-after-free in internal tuple reference management</issue> <issue tracker="cve" id="2025-55158"/> <issue tracker="cve" id="2025-53905"/> <issue tracker="cve" id="2025-53906"/> <issue tracker="cve" id="2025-55157"/> <packager>mschreiner</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for vim</summary> <description>This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim’s tar.vim plugin (bsc#1246604) - CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim’s zip (bsc#1246602) - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) </description> </patchinfo>
