On Tue Jun 30, 2026 at 9:18 AM CEST, Hitendra Prajapati via 
lists.openembedded.org wrote:
> Pick patch from [1], [2] & [3] also mentioned at NVD report in [4,5 & 6]
>
> [1] https://github.com/vim/vim/commit/4b850457e12e1a678dd209f2868154f7553cbf8d
> [2] https://github.com/vim/vim/commit/63680c6d3d52477817b49cd1a66e7aabe8a7aa19
> [3] https://github.com/vim/vim/commit/c8c63673bc4253212820626aeeb75999d9a539d2
> [4] https://nvd.nist.gov/vuln/detail/CVE-2026-52858
> [5] https://nvd.nist.gov/vuln/detail/CVE-2026-52859
> [6] https://nvd.nist.gov/vuln/detail/CVE-2026-52860
>
> Signed-off-by: Hitendra Prajapati <[email protected]>
> ---
>  .../vim/files/CVE-2026-52858.patch            | 167 +++++++
>  .../vim/files/CVE-2026-52859.patch            | 274 +++++++++++
>  .../vim/files/CVE-2026-52860.patch            | 446 ++++++++++++++++++
>  meta/recipes-support/vim/vim.inc              |   3 +
>  4 files changed, 890 insertions(+)
>  create mode 100644 meta/recipes-support/vim/files/CVE-2026-52858.patch
>  create mode 100644 meta/recipes-support/vim/files/CVE-2026-52859.patch
>  create mode 100644 meta/recipes-support/vim/files/CVE-2026-52860.patch

Hello,

As noted in [0], CVE-2026-52860 needs a fix on master. It was sent with
"[OE-core][master][PATCH] vim: upgrade 9.2.0569 -> 9.2.0782" but not
merged yet. I'll remove 5/5 from the current series, it will have to be
handled separately.

[0]: 
https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/#40047

Regards,
-- 
Yoann Congal
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#240338): 
https://lists.openembedded.org/g/openembedded-core/message/240338
Mute This Topic: https://lists.openembedded.org/mt/120043436/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to