CLSA-2026-1777558504 vim: Fix of 10 CVEs

CVE-2021-3928: in suggesttriewalk only credit a non-word-char boundary with SCORENONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfaregmatch NFAMARK / NFAMARKGT / NFAMARKLT, save reginput - regline and re-fetch regline...

CLSA-2026-1776769741 rsync: Fix of 3 CVEs

CVE-2017-16548: fix heap overread in receivexattr by enforcing trailing NUL on received xattr names - CVE-2017-17434: sanitize xname in readndxandattrs and check daemon filter against fnamecmp in recvfiles - CVE-2018-5764: prevent client from resetting protectargs during the second parsearguments...

CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...