35135 – vim new security issue CVE-2026-26269

Bug 35135 - vim new security issue CVE-2026-26269

Summary: vim new security issue CVE-2026-26269

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA9-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2026-02-16 10:14 CET by Nicolas Salguero
Modified:	2026-02-18 17:18 CET (History)
CC List:	3 users (show)

See Also:
Source RPM:	vim-9.1.1552-1.mga9.src.rpm
CVE:	CVE-2026-26269
Status comment:

Flags:	herman.viaene: test_passed_mga9_64+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2026-02-16 10:14:41 CET

Reference: https://www.openwall.com/lists/oss-security/2026/02/13/2

Nicolas Salguero 2026-02-16 10:16:54 CET

Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in 9.1.2148
CVE: (none) => CVE-2026-26269
Source RPM: (none) => vim-9.1.1918-2.mga10.src.rpm, vim-9.1.1552-1.mga9.src.rpm
Flags: (none) => affects_mga9+

Comment 1 Lewis Smith 2026-02-16 20:19:43 CET

No one packager in vie for vim, so assigning globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2026-02-17 09:57:30 CET

For Cauldron, I asked for a freeze move.


Suggested advisory:
========================

The updated packages fix a security vulnerability:

Vim has a Netbeans specialKeys Stack Buffer Overflow. (CVE-2026-26269)

References:
https://www.openwall.com/lists/oss-security/2026/02/13/2
========================

Updated packages in core/updates_testing:
========================
vim-X11-9.1.2148-1.mga9
vim-common-9.1.2148-1.mga9
vim-enhanced-9.1.2148-1.mga9
vim-minimal-9.1.2148-1.mga9

from SRPM:
vim-9.1.2148-1.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Status comment: Fixed upstream in 9.1.2148 => (none)
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Source RPM: vim-9.1.1918-2.mga10.src.rpm, vim-9.1.1552-1.mga9.src.rpm => vim-9.1.1552-1.mga9.src.rpm
Flags: affects_mga9+ => (none)
Version: Cauldron => 9

Comment 3 Herman Viaene 2026-02-17 16:51:31 CET

MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 34486
In a .txt file, used the commands a, i, d, x, :w and :q.
Checked changes with kwrite, all OK

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene
Flags: (none) => test_passed_mga9_64+

katnatek 2026-02-17 21:01:30 CET

Keywords: (none) => advisory

Comment 4 Thomas Andrews 2026-02-18 13:23:54 CET

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 5 Mageia Robot 2026-02-18 17:18:07 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0042.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.