{"id":"MGASA-2026-0049","summary":"Updated vim packages fix security vulnerabilities","details":"OS Command Injection in netrw affects Vim \u003c 9.2.0073. (CVE-2026-28417)\nHeap-based Buffer Overflow in Emacs tags parsing affects Vim \u003c 9.2.0074.\n(CVE-2026-28418)\nHeap-based Buffer Underflow in Emacs tags parsing affects Vim \u003c\n9.2.0075. (CVE-2026-28419)\nHeap-based Buffer Overflow and OOB Read in :terminal affects Vim \u003c\n9.2.0076. (CVE-2026-28420)\nMultiple Vulnerabilities in Swap File Recovery affect Vim \u003c 9.2.0077.\n(CVE-2026-28421)\nStack-buffer-overflow in build_stl_str_hl() affects Vim \u003c 9.2.0078.\n(CVE-2026-28422)\n","modified":"2026-04-16T00:09:57.350704329Z","published":"2026-03-06T03:01:36Z","upstream":["CVE-2026-28417","CVE-2026-28418","CVE-2026-28419","CVE-2026-28420","CVE-2026-28421","CVE-2026-28422"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0049.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35167"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/02/27/6"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/02/27/7"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/02/27/8"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/02/27/9"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/02/27/10"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/02/27/11"}],"affected":[{"package":{"name":"vim","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/vim?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.2.106-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0049.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}