Updated vim packages fix security vulnerabilities
Publication date: 06 Apr 2026Modification date: 06 Apr 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-34982 , CVE-2026-35177
Description
Vim modeline bypass via various options affects Vim < 9.2.0276.
(CVE-2026-34982)
Path traversal issue with zip.vim in Vim < v9.2.0280. (CVE-2026-35177)
References
- https://bugs.mageia.org/show_bug.cgi?id=35308
- https://www.openwall.com/lists/oss-security/2026/03/31/14
- https://www.openwall.com/lists/oss-security/2026/04/01/1
- https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9
- https://www.openwall.com/lists/oss-security/2026/04/01/4
- https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34982
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35177
SRPMS
9/core
- vim-9.2.280-1.mga9