{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [],
            "removed": [],
            "diff": [
                "libncurses6",
                "libncursesw6",
                "libnghttp2-14",
                "libtinfo6",
                "ncurses-base",
                "ncurses-bin",
                "xxd"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "libncurses6",
                "from_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.3-2ubuntu0.1",
                    "version": "6.3-2ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.3-2ubuntu0.2",
                    "version": "6.3-2ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-69720",
                        "url": "https://ubuntu.com/security/CVE-2025-69720",
                        "cve_description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-03-19 15:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-69720",
                                "url": "https://ubuntu.com/security/CVE-2025-69720",
                                "cve_description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-03-19 15:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: stack-based buffer overflow in infocmp",
                            "    - debian/patches/CVE-2025-69720.patch: clamp length to",
                            "      MAX_TERMINFO_LENGTH before copying into buf2 in analyze_string.",
                            "    - CVE-2025-69720",
                            ""
                        ],
                        "package": "ncurses",
                        "version": "6.3-2ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Paulo Flabiano Smorigo <pfsmorigo@canonical.com>",
                        "date": "Tue, 30 Jun 2026 21:25:30 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libncursesw6",
                "from_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.3-2ubuntu0.1",
                    "version": "6.3-2ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.3-2ubuntu0.2",
                    "version": "6.3-2ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-69720",
                        "url": "https://ubuntu.com/security/CVE-2025-69720",
                        "cve_description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-03-19 15:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-69720",
                                "url": "https://ubuntu.com/security/CVE-2025-69720",
                                "cve_description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-03-19 15:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: stack-based buffer overflow in infocmp",
                            "    - debian/patches/CVE-2025-69720.patch: clamp length to",
                            "      MAX_TERMINFO_LENGTH before copying into buf2 in analyze_string.",
                            "    - CVE-2025-69720",
                            ""
                        ],
                        "package": "ncurses",
                        "version": "6.3-2ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Paulo Flabiano Smorigo <pfsmorigo@canonical.com>",
                        "date": "Tue, 30 Jun 2026 21:25:30 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libnghttp2-14",
                "from_version": {
                    "source_package_name": "nghttp2",
                    "source_package_version": "1.43.0-1ubuntu0.3",
                    "version": "1.43.0-1ubuntu0.3"
                },
                "to_version": {
                    "source_package_name": "nghttp2",
                    "source_package_version": "1.43.0-1ubuntu0.4",
                    "version": "1.43.0-1ubuntu0.4"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-58055",
                        "url": "https://ubuntu.com/security/CVE-2026-58055",
                        "cve_description": "nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting ambiguous message in the attacker's favor enables HTTP request/response smuggling and cross-client response-queue poisoning.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-28 02:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-58055",
                                "url": "https://ubuntu.com/security/CVE-2026-58055",
                                "cve_description": "nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting ambiguous message in the attacker's favor enables HTTP request/response smuggling and cross-client response-queue poisoning.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-28 02:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: HTTP request/response smuggling issue",
                            "    - debian/patches/CVE-2026-58055-pre1.patch: nghttpx: Remove trailing white",
                            "      spaces from HTTP/1.1 fields in src/shrpx-unittest.cc,",
                            "      src/shrpx_downstream.h, src/shrpx_http_downstream_connection.cc,",
                            "      src/shrpx_https_upstream.cc, src/util.cc, src/util.h, src/util_test.cc,",
                            "      src/util_test.h.",
                            "    - debian/patches/CVE-2026-58055-pre2.patch: nghttpx: Stricter transfer-",
                            "      encoding checks in integration-tests/nghttpx_http1_test.go, src/http2.cc,",
                            "      src/http2.h, src/http2_test.cc, src/http2_test.h, src/shrpx-unittest.cc,",
                            "      src/shrpx_downstream.cc, src/shrpx_http_downstream_connection.cc,",
                            "      src/shrpx_https_upstream.cc.",
                            "    - debian/patches/CVE-2026-58055.patch: nghttpx: Tighten up CONNECT and HTTP",
                            "      Upgrade handling in src/shrpx_downstream.cc, src/shrpx_downstream.h,",
                            "      src/shrpx_http2_upstream.cc, src/shrpx_http_downstream_connection.cc,",
                            "      src/shrpx_http_downstream_connection.h, src/shrpx_https_upstream.cc.",
                            "    - CVE-2026-58055",
                            ""
                        ],
                        "package": "nghttp2",
                        "version": "1.43.0-1ubuntu0.4",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Tue, 30 Jun 2026 13:21:48 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libtinfo6",
                "from_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.3-2ubuntu0.1",
                    "version": "6.3-2ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.3-2ubuntu0.2",
                    "version": "6.3-2ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-69720",
                        "url": "https://ubuntu.com/security/CVE-2025-69720",
                        "cve_description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-03-19 15:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-69720",
                                "url": "https://ubuntu.com/security/CVE-2025-69720",
                                "cve_description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-03-19 15:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: stack-based buffer overflow in infocmp",
                            "    - debian/patches/CVE-2025-69720.patch: clamp length to",
                            "      MAX_TERMINFO_LENGTH before copying into buf2 in analyze_string.",
                            "    - CVE-2025-69720",
                            ""
                        ],
                        "package": "ncurses",
                        "version": "6.3-2ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Paulo Flabiano Smorigo <pfsmorigo@canonical.com>",
                        "date": "Tue, 30 Jun 2026 21:25:30 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "ncurses-base",
                "from_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.3-2ubuntu0.1",
                    "version": "6.3-2ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.3-2ubuntu0.2",
                    "version": "6.3-2ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-69720",
                        "url": "https://ubuntu.com/security/CVE-2025-69720",
                        "cve_description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-03-19 15:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-69720",
                                "url": "https://ubuntu.com/security/CVE-2025-69720",
                                "cve_description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-03-19 15:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: stack-based buffer overflow in infocmp",
                            "    - debian/patches/CVE-2025-69720.patch: clamp length to",
                            "      MAX_TERMINFO_LENGTH before copying into buf2 in analyze_string.",
                            "    - CVE-2025-69720",
                            ""
                        ],
                        "package": "ncurses",
                        "version": "6.3-2ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Paulo Flabiano Smorigo <pfsmorigo@canonical.com>",
                        "date": "Tue, 30 Jun 2026 21:25:30 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "ncurses-bin",
                "from_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.3-2ubuntu0.1",
                    "version": "6.3-2ubuntu0.1"
                },
                "to_version": {
                    "source_package_name": "ncurses",
                    "source_package_version": "6.3-2ubuntu0.2",
                    "version": "6.3-2ubuntu0.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-69720",
                        "url": "https://ubuntu.com/security/CVE-2025-69720",
                        "cve_description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-03-19 15:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-69720",
                                "url": "https://ubuntu.com/security/CVE-2025-69720",
                                "cve_description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-03-19 15:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: stack-based buffer overflow in infocmp",
                            "    - debian/patches/CVE-2025-69720.patch: clamp length to",
                            "      MAX_TERMINFO_LENGTH before copying into buf2 in analyze_string.",
                            "    - CVE-2025-69720",
                            ""
                        ],
                        "package": "ncurses",
                        "version": "6.3-2ubuntu0.2",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Paulo Flabiano Smorigo <pfsmorigo@canonical.com>",
                        "date": "Tue, 30 Jun 2026 21:25:30 +0000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "xxd",
                "from_version": {
                    "source_package_name": "vim",
                    "source_package_version": "2:8.2.3995-1ubuntu2.32",
                    "version": "2:8.2.3995-1ubuntu2.32"
                },
                "to_version": {
                    "source_package_name": "vim",
                    "source_package_version": "2:8.2.3995-1ubuntu2.33",
                    "version": "2:8.2.3995-1ubuntu2.33"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-35177",
                        "url": "https://ubuntu.com/security/CVE-2026-35177",
                        "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-04-06 18:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-55693",
                        "url": "https://ubuntu.com/security/CVE-2026-55693",
                        "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (arridx[], curi[], wordcount[]). A crafted .spl/.sug file pair, loaded when the user invokes spell suggestion, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0653.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-25 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-55892",
                        "url": "https://ubuntu.com/security/CVE-2026-55892",
                        "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (prefix[], arridx[], curi[]). A crafted .spl file, loaded when the user dumps the word list, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0662.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-25 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-55895",
                        "url": "https://ubuntu.com/security/CVE-2026-55895",
                        "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from the buffer's directory listing is interpolated into an Ex command line passed to :execute with only the backslash character escaped, allowing a crafted filename containing a bar (|) to terminate the intended command and execute arbitrary Vimscript, including shell commands via :call system() and :!. This vulnerability is fixed in 9.2.0663.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-25 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-57452",
                        "url": "https://ubuntu.com/security/CVE-2026-57452",
                        "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflows and a subsequent decryption call reads far past the end of the input buffer, crashing Vim. This vulnerability is fixed in 9.2.0671.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-25 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-57455",
                        "url": "https://ubuntu.com/security/CVE-2026-57455",
                        "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound and terminates only on the input NUL, writing one byte per input byte into the MAXWLEN-element stack buffer the caller provides. A word longer than MAXWLEN, passed to soundfold() (or reached via sound-based spell suggestion) while a SOFO-based spell language is active, therefore writes past the end of that buffer. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0698.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-25 16:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-57456",
                        "url": "https://ubuntu.com/security/CVE-2026-57456",
                        "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. When reconstructing that source, each scope's docstring is inserted verbatim between triple quotes with no escaping, so a hostile buffer can break out of the triple-quoted literal and execute attacker-controlled Python during omni-completion. This vulnerability is fixed in 9.2.0699.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-06-25 16:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-35177",
                                "url": "https://ubuntu.com/security/CVE-2026-35177",
                                "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-04-06 18:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-55693",
                                "url": "https://ubuntu.com/security/CVE-2026-55693",
                                "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (arridx[], curi[], wordcount[]). A crafted .spl/.sug file pair, loaded when the user invokes spell suggestion, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0653.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-25 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-55892",
                                "url": "https://ubuntu.com/security/CVE-2026-55892",
                                "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (prefix[], arridx[], curi[]). A crafted .spl file, loaded when the user dumps the word list, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0662.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-25 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-55895",
                                "url": "https://ubuntu.com/security/CVE-2026-55895",
                                "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the netrw plugin (runtime/pack/dist/opt/netrw/autoload/netrw.vim) when deleting a local file from the browser. A filename derived from the buffer's directory listing is interpolated into an Ex command line passed to :execute with only the backslash character escaped, allowing a crafted filename containing a bar (|) to terminate the intended command and execute arbitrary Vimscript, including shell commands via :call system() and :!. This vulnerability is fixed in 9.2.0663.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-25 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-57452",
                                "url": "https://ubuntu.com/security/CVE-2026-57452",
                                "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflows and a subsequent decryption call reads far past the end of the input buffer, crashing Vim. This vulnerability is fixed in 9.2.0671.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-25 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-57455",
                                "url": "https://ubuntu.com/security/CVE-2026-57455",
                                "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound and terminates only on the input NUL, writing one byte per input byte into the MAXWLEN-element stack buffer the caller provides. A word longer than MAXWLEN, passed to soundfold() (or reached via sound-based spell suggestion) while a SOFO-based spell language is active, therefore writes past the end of that buffer. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0698.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-25 16:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-57456",
                                "url": "https://ubuntu.com/security/CVE-2026-57456",
                                "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. When reconstructing that source, each scope's docstring is inserted verbatim between triple quotes with no escaping, so a hostile buffer can break out of the triple-quoted literal and execute attacker-controlled Python during omni-completion. This vulnerability is fixed in 9.2.0699.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-06-25 16:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Path Traversal in zip.vim",
                            "    - debian/patches/CVE-2026-35177.patch: Detect malicious zip files before",
                            "      writing in runtime/autoload/zip.vim",
                            "    - CVE-2026-35177",
                            "  * SECURITY UPDATE: Out-of-bounds write.",
                            "    - debian/patches/CVE-2026-55693.patch: only descend while",
                            "      depth < MAXWLEN - 1 in src/spellfile.c.",
                            "    - debian/patches/CVE-2026-55892.patch: only descend while",
                            "      depth < MAXWLEN - 1 in src/spell.c.",
                            "    - CVE-2026-55693",
                            "    - CVE-2026-55892",
                            "  * SECURITY UPDATE: Code injection in local file deletion.",
                            "    - debian/patches/CVE-2026-55895.patch: Use fnameescape() to escape",
                            "      file name in runtime/autoload/netrw.vim.",
                            "    - CVE-2026-55895",
                            "  * SECURITY UPDATE: Out-of-bounds read with sodium encrypted files.",
                            "    - debian/patches/CVE-2026-57452.patch: Verify that there is enough space",
                            "      before function call in src/crypt.c.",
                            "    - CVE-2026-57452",
                            "  * SECURITY UPDATE: Out-of-bounds write with soundfold().",
                            "    - debian/patches/CVE-2026-57455.patch: Add an abort condition to validate",
                            "      buffer in src/spell.c.",
                            "    - CVE-2026-57455",
                            "  * SECURITY UPDATE: Code execution with python complete.",
                            "    - debian/patches/CVE-2026-57456.patch: Use repr() to quote the doc strings",
                            "      in runtime/autoload/python3complete.vim and ../pythoncomplete.vim.",
                            "    - CVE-2026-57456",
                            ""
                        ],
                        "package": "vim",
                        "version": "2:8.2.3995-1ubuntu2.33",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Kyle Kernick <kyle.kernick@canonical.com>",
                        "date": "Tue, 30 Jun 2026 11:46:22 -0600"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20260701 to 20260703",
    "from_series": "jammy",
    "to_series": "jammy",
    "from_serial": "20260701",
    "to_serial": "20260703",
    "from_manifest_filename": "daily_manifest.previous",
    "to_manifest_filename": "manifest.current"
}