Source: vim Version: 2:9.1.2141-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for vim. CVE-2026-26269[0]: | Vim is an open source, command line text editor. Prior to 9.1.2148, | a stack buffer overflow vulnerability exists in Vim's NetBeans | integration when processing the specialKeys command, affecting Vim | builds that enable and use the NetBeans feature. The Stack buffer | overflow exists in special_keys() (in src/netbeans.c). The while | (*tok) loop writes two bytes per iteration into a 64-byte stack | buffer (keybuf) with no bounds check. A malicious NetBeans server | can overflow keybuf with a single specialKeys command. The issue has | been fixed as of Vim patch v9.1.2148. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-26269 https://www.cve.org/CVERecord?id=CVE-2026-26269 [1] https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68 [2] https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
