CVE-2025-66476

public inbox for git@vger.kernel.org
 help / color / mirror / Atom feed

* CVE-2025-66476
@ 2026-01-22 16:40 Luis Alvarado
  2026-01-22 18:09 ` CVE-2025-66476 Junio C Hamano
  0 siblings, 1 reply; 2+ messages in thread
From: Luis Alvarado @ 2026-01-22 16:40 UTC (permalink / raw)
  To: git

Hello!

I need some help or guidance on how to remediate this vulnerability.
We have a customer with Git, which includes VIM and is vulnerable to
CVE-2025-66476. However, the GIT version for Windows was last updated
in November 2025. How can I remediate this issue, is there a way to
update VIM without updating git? if so , how.

File C:\Program Files\Git\usr\bin\vim.exe&; version &#96;9.1.1914&#96;
is vulnerable to &#96;CVE-2025-66476&#96;, which exists in versions
&#96;&lt; 9.1.1947&#96;.

Thank you!

--
Luis A. Alvarado, M.S., CISSP, CEH, (ISC)² CAP, Security+ | IT
Specialist (INFOSEC)
This e-mail message and any attachment(s) are intended only for use by
the addressee(s) named herein and may contain legally privileged
and/or confidential information.  If you are not the intended
recipient of this e-mail message, you are hereby notified that any
dissemination, distribution, or copying of this e-mail message,
including any attachment(s), is strictly prohibited.  If you have
received this e-mail message in error, please immediately notify me by
telephone or e-mail and permanently delete or destroy the original and
any copy (electronic or printout) of this e-mail message, including
any attachment(s).

... Truth is the only safe ground to stand on. - Anonymous

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: CVE-2025-66476
  2026-01-22 16:40 CVE-2025-66476 Luis Alvarado
@ 2026-01-22 18:09 ` Junio C Hamano
  0 siblings, 0 replies; 2+ messages in thread
From: Junio C Hamano @ 2026-01-22 18:09 UTC (permalink / raw)
  To: Luis Alvarado; +Cc: git

Luis Alvarado <luis.alvarado.torres@gmail.com> writes:

> I need some help or guidance on how to remediate this vulnerability.
> We have a customer with Git, which includes VIM and is vulnerable to
> CVE-2025-66476. However, the GIT version for Windows was last updated
> in November 2025. How can I remediate this issue, is there a way to
> update VIM without updating git? if so , how.

The Git project does not ship any binary, not even Git binary, let
alone Vim binary.  We work on and ship only the source code of Git.

If you are getting your vim as part of the windows port of Git,
please redirect your inquiry to the Git for Windows project; you can
probably reach out to them at their issue tracker at

    https://github.com/git-for-windows/git/issues.

Please be sure to search first before asking, since the maintainer
of the project is busy.

Thanks.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-01-22 18:09 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-22 16:40 CVE-2025-66476 Luis Alvarado
2026-01-22 18:09 ` CVE-2025-66476 Junio C Hamano

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox