35197 – vim new security issue CVE-2026-32249

Bug 35197 - vim new security issue CVE-2026-32249

Summary: vim new security issue CVE-2026-32249

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	9
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA9-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2026-03-12 09:18 CET by Nicolas Salguero
Modified:	2026-03-14 01:34 CET (History)
CC List:	3 users (show)

See Also:
Source RPM:	vim-9.2.106-1.mga9.src.rpm
CVE:	CVE-2026-32249
Status comment:

Flags:	herman.viaene: test_passed_mga9_64+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2026-03-12 09:18:42 CET

References:
https://www.openwall.com/lists/oss-security/2026/03/11/6
https://github.com/vim/vim/security/advisories/GHSA-9phh-423r-778r

Nicolas Salguero 2026-03-12 09:21:11 CET

CVE: (none) => CVE-2026-32249
Flags: (none) => affects_mga9+
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => vim-9.2.106-1.mga10.src.rpm, vim-9.2.106-1.mga9.src.rpm

Comment 1 Nicolas Salguero 2026-03-12 09:35:35 CET

For Cauldron, I asked for a freeze move.


Suggested advisory:
========================

The updated packages fix a security vulnerability:

NFA regex engine NULL pointer dereference affects Vim < 9.2.0137. (CVE-2026-32249)

References:
https://www.openwall.com/lists/oss-security/2026/03/11/6
https://github.com/vim/vim/security/advisories/GHSA-9phh-423r-778r
========================

Updated packages in core/updates_testing:
========================
vim-X11-9.2.140-1.mga9
vim-common-9.2.140-1.mga9
vim-enhanced-9.2.140-1.mga9
vim-minimal-9.2.140-1.mga9

from SRPM:
vim-9.2.140-1.mga9.src.rpm

Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
Version: Cauldron => 9
Flags: affects_mga9+ => (none)
Whiteboard: MGA9TOO => (none)
Source RPM: vim-9.2.106-1.mga10.src.rpm, vim-9.2.106-1.mga9.src.rpm => vim-9.2.106-1.mga9.src.rpm

Comment 2 Herman Viaene 2026-03-12 16:51:25 CET

MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues.
Tested by  using the a, d, dd, i, x :w and :q commands. Checked with more, all works OK.

Flags: (none) => test_passed_mga9_64+
Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene

katnatek 2026-03-12 21:19:34 CET

Keywords: (none) => advisory

Comment 3 Thomas Andrews 2026-03-13 22:19:55 CET

Validating

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 4 Mageia Robot 2026-03-14 01:34:52 CET

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0055.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.