[Git][security-tracker-team/security-tracker][master] Add CVE-2026-8997/vimfm

Fri May 22 20:52:00 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7338591 by Salvatore Bonaccorso at 2026-05-22T21:51:50+02:00
Add CVE-2026-8997/vimfm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30,7 +30,8 @@ CVE-2026-9047 (Improper handling of factor key state in the multi-factor authent
 CVE-2026-9011 (The Ditty \u2013 Responsive News Tickers, Sliders, and Lists plugin fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-8997 (vifm is vulnerable to a heap buffer overflow during the history merge  ...)
-	TODO: check
+	- vifm <unfixed>
+	NOTE: Fixed by: https://github.com/vifm/vifm/commit/23063c741f15a85621fd232dfc3ac5b779f6910d
 CVE-2026-8992 (An improper certificate validation vulnerability in Ivanti Secure Acce ...)
 	NOT-FOR-US: Ivanti
 CVE-2026-8692 (The Vedrixa Forms \u2013 User Registration Form, Signup Form & Drag &  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c73385917078351acc92bb829655bb96035d93f8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c73385917078351acc92bb829655bb96035d93f8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260522/81fde361/attachment.htm>
