Gentoo alert 202601-02 (Vim, gVim)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202601-02 ] Vim, gVim: Multiple Vulnerabilities | |
| Date: | Mon, 26 Jan 2026 10:26:21 -0000 | |
| Message-ID: | <176942318218.7.12511001888592056860@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202601-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Vim, gVim: Multiple Vulnerabilities
     Date: January 26, 2026
     Bugs: #961498
       ID: 202601-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Vim and gVim, the worst
of which could lead to execution of arbitrary code.

Background
==========

Vim is an efficient, highly configurable improved version of the classic
‘vi’ text editor. gVim is the GUI version of Vim.

Affected packages
=================

Package               Vulnerable    Unaffected
--------------------  ------------  ------------
app-editors/gvim      < 9.1.1652    >= 9.1.1652
app-editors/vim       < 9.1.1652    >= 9.1.1652
app-editors/vim-core  < 9.1.1652    >= 9.1.1652

Description
===========

Multiple vulnerabilities have been discovered in Vim, gVim. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Vim, gVim users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/vim-9.1.1652"

All Vim, gVim users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.1.1652"

All Vim, gVim users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.1.1652"

References
==========

[ 1 ] CVE-2025-53905
      https://nvd.nist.gov/vuln/detail/CVE-2025-53905
[ 2 ] CVE-2025-53906
      https://nvd.nist.gov/vuln/detail/CVE-2025-53906

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202601-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2026 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
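The thresholds in the "Affected packages" table can be checked mechanically against a host's package list. The script below is an added example, not part of the Gentoo advisory; it assumes input lines in the `category/package-version` form printed by `qlist -Iv`, and its function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag installed Vim packages older than the GLSA 202601-02 fix.
# Assumption: input is one "category/package-version" atom per line, the form
# printed by `qlist -Iv` (portage-utils). Function names are hypothetical.
FIXED_VERSION="9.1.1652"  # first unaffected version per the advisory table

# Version part of an atom, with any Gentoo revision suffix (-rN) dropped.
atom_version() {
    printf '%s\n' "$1" | sed -E 's/-r[0-9]+$//; s/^.*-([0-9][^-]*)$/\1/'
}

# Package name part of an atom (category/name).
atom_name() {
    printf '%s\n' "$1" | sed -E 's/-r[0-9]+$//; s/-[0-9][^-]*$//'
}

# True when $1 sorts strictly before $2 (plain dotted versions, as Vim uses).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Read atoms on stdin; report only the three packages named in the advisory.
check_atoms() {
    while IFS= read -r atom; do
        case "$(atom_name "$atom")" in
            app-editors/vim|app-editors/vim-core|app-editors/gvim) ;;
            *) continue ;;
        esac
        if version_lt "$(atom_version "$atom")" "$FIXED_VERSION"; then
            printf 'VULNERABLE %s\n' "$atom"
        else
            printf 'ok %s\n' "$atom"
        fi
    done
}

# Constructed sample input (not taken from a real host).
sample_atoms() {
    cat <<'EOF'
app-editors/vim-9.1.0794
app-editors/vim-core-9.1.1652-r1
app-editors/gvim-9.1.1650
app-editors/nano-8.2
EOF
}

sample_atoms | check_atoms
```

On a Gentoo host, `qlist -Iv | check_atoms` feeds it the real package list; `glsa-check -t 202601-02` from gentoolkit is the distribution's own test for this advisory.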
