Skip to content

DLPX-97846 Ubuntu Security Notification for Vim Vulnerabilities (USN-8500-1)#401

Open
prakashsurya wants to merge 1 commit into
releasefrom
projects/cve-vim-usn-8500-1
Open

DLPX-97846 Ubuntu Security Notification for Vim Vulnerabilities (USN-8500-1)#401
prakashsurya wants to merge 1 commit into
releasefrom
projects/cve-vim-usn-8500-1

Conversation

@prakashsurya

@prakashsurya prakashsurya commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Summary

Backports the Ubuntu USN-8500-1 vim security update (2:9.1.0016-1ubuntu7.17) to the release-track appliance via the misc-debs extension point. The release build (2026.4.0.0) installs 2:9.1.0016-1ubuntu7.16, which is still vulnerable to these CVEs.

Remediates:

Changes:

  • packages/misc-debs/config.sh: three sha256-pinned debs=() entries — the vim binaries the appliance installs — under a comment block naming the USN, Jira tickets, CVEs, and the Ubuntu archive source.
  • .debs uploaded to http://artifactory.delphix.com/artifactory/linux-pkg/misc-debs/ (epoch stripped from filenames per Debian pool convention):
    • vim_9.1.0016-1ubuntu7.17_amd64.deb
    • vim-common_9.1.0016-1ubuntu7.17_all.deb
    • vim-runtime_9.1.0016-1ubuntu7.17_all.deb

Fetched from the Ubuntu 24.04 LTS (noble) noble-security/noble-updates archive.

Test plan

  • PR check passes (make shellcheck + make shfmtcheck — both clean locally on this branch).
  • misc-debs Jenkins pre-push job resolves all three artifactory URLs with matching sha256s.
  • git-ab-pre-push builds an appliance image with ...ubuntu7.17 replacing 7.16; pre-checkin regression passes.
  • On a VM from the resulting image: dpkg-query -W vim vim-common vim-runtime reports 2:9.1.0016-1ubuntu7.17.

🤖 Generated with Claude Code

Testing Done

ab-pre-push build #14508: IN PROGRESS

Pin the fixed Ubuntu USN-8500-1 vim binaries (2:9.1.0016-1ubuntu7.17) into the release appliance via misc-debs. Remediates CVE-2026-57455 (DLPX-97851), CVE-2026-55693 (DLPX-97850), CVE-2026-57456 (DLPX-97847), and CVE-2026-55895 (DLPX-97846). The release build ships 2:9.1.0016-1ubuntu7.16.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@prakashsurya prakashsurya enabled auto-merge (squash) July 9, 2026 23:59

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Backports the Ubuntu USN-8500-1 security-fixed vim packages into the appliance via the misc-debs extension point, upgrading from ...7.16 to ...7.17 to remediate the listed CVEs.

Changes:

  • Add sha256-pinned vim, vim-common, and vim-runtime .deb entries to packages/misc-debs/config.sh.
  • Document the USN/CVE/Jira context for why these packages are being pinned.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/misc-debs/config.sh
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

3 participants