File _patchinfo of Package patchinfo.40301

<patchinfo incident="40301">
  <issue tracker="bnc" id="1247938">VUL-0: CVE-2025-55157: vim: use-after-free in internal tuple reference management</issue>
  <issue tracker="bnc" id="1246602">VUL-0: CVE-2025-53906: vim: malicious zip archive may cause a path traversal in Vim&#8217;s zip</issue>
  <issue tracker="bnc" id="1246604">VUL-0: CVE-2025-53905: vim: malicious tar archive may cause a path traversal in Vim&#8217;s tar.vim plugin</issue>
  <issue tracker="bnc" id="1247939">VUL-0: CVE-2025-55158: vim: double-free in internal typed value (typval_T) management</issue>
  <issue tracker="cve" id="2025-55157"/>
  <issue tracker="cve" id="2025-55158"/>
  <issue tracker="cve" id="2025-53906"/>
  <issue tracker="cve" id="2025-53905"/>
  <packager>mschreiner</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for vim</summary>
  <description>This update for vim fixes the following issues:

Update to version 9.1.1629.
    
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening
  specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening
  specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).
</description>
</patchinfo>