On Tue Jun 30, 2026 at 9:18 AM CEST, Hitendra Prajapati via lists.openembedded.org wrote: > Pick patch from [1], [2] & [3] also mentioned at NVD report in [4,5 & 6] > > [1] https://github.com/vim/vim/commit/4b850457e12e1a678dd209f2868154f7553cbf8d > [2] https://github.com/vim/vim/commit/63680c6d3d52477817b49cd1a66e7aabe8a7aa19 > [3] https://github.com/vim/vim/commit/c8c63673bc4253212820626aeeb75999d9a539d2 > [4] https://nvd.nist.gov/vuln/detail/CVE-2026-52858 > [5] https://nvd.nist.gov/vuln/detail/CVE-2026-52859 > [6] https://nvd.nist.gov/vuln/detail/CVE-2026-52860 > > Signed-off-by: Hitendra Prajapati <[email protected]> > --- > .../vim/files/CVE-2026-52858.patch | 167 +++++++ > .../vim/files/CVE-2026-52859.patch | 274 +++++++++++ > .../vim/files/CVE-2026-52860.patch | 446 ++++++++++++++++++ > meta/recipes-support/vim/vim.inc | 3 + > 4 files changed, 890 insertions(+) > create mode 100644 meta/recipes-support/vim/files/CVE-2026-52858.patch > create mode 100644 meta/recipes-support/vim/files/CVE-2026-52859.patch > create mode 100644 meta/recipes-support/vim/files/CVE-2026-52860.patch
Hello, As noted in [0], CVE-2026-52860 needs a fix on master. It was sent with "[OE-core][master][PATCH] vim: upgrade 9.2.0569 -> 9.2.0782" but not merged yet. I'll remove 5/5 from the current series, it will have to be handled separately. [0]: https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/#40047 Regards, -- Yoann Congal
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#240338): https://lists.openembedded.org/g/openembedded-core/message/240338 Mute This Topic: https://lists.openembedded.org/mt/120043436/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
