On Tue Mar 17, 2026 at 7:14 AM CET, Hitendra Prajapati via lists.openembedded.org wrote: > Upgrade from 9.1.2128 to 9.1.2144 to include the fix for > CVE-2026-25749 [1] [2]. > > [1] https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43 > [2] https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9 > > Signed-off-by: Hitendra Prajapati <[email protected]> > --- > meta/recipes-support/vim/vim.inc | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-support/vim/vim.inc > b/meta/recipes-support/vim/vim.inc > index 0ce6aa71a4..7a7bedf863 100644 > --- a/meta/recipes-support/vim/vim.inc > +++ b/meta/recipes-support/vim/vim.inc > @@ -18,8 +18,8 @@ SRC_URI = > "git://github.com/vim/vim.git;branch=master;protocol=https \ > file://no-path-adjust.patch \ > " > > -PV .= ".2128" > -SRCREV = "392b428d1239e963020b73682cd03f17ffb538b3" > +PV .= ".2144" > +SRCREV = "55c12373f073bacfc97d757e8f4da3daf472e4ac" > > # Do not consider .z in x.y.z, as that is updated with every commit > UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+)\.0"
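Review bot: The new `SRCREV` (55c12373f073bacfc97d757e8f4da3daf472e4ac) is not the fix commit cited in the message (0714b15940b245108e6e9d7aa2260dd849a26fa9), so nothing in the patch lets a reviewer confirm that the CVE-2026-25749 fix is contained in the new revision. Please state in the commit message that this SRCREV is the commit for 9.1.2144 and that the cited fix commit is an ancestor of it. The `PV` change from ".2128" to ".2144" also pulls in every upstream commit in that range, not only the fix, so the message should name the branch this is intended for and note whether anything else in the range affects the recipe (for example the `no-path-adjust.patch` entry kept in `SRC_URI`).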
Hi Hitendra,

Upgrading from 9.1.1683 to 9.1.2144 involves over 460 versions and over 1000 commits. As previously discussed here [1], so many changes seem too risky for a stable/LTS branch.

So, without an exemption granted by the Yocto Project TSC for Vim, backporting patches is the best solution for addressing CVEs.

Regards,

[1] https://lore.kernel.org/openembedded-core/as1pr10mb56978c6748852f61c4f7109bfd...@as1pr10mb5697.eurprd10.prod.outlook.com/

--
Fabien Thomas
Smile ECS
