Release date:
2026-06-23 13:34:43 UTC
Description:
* SECURITY UPDATE: Code execution via Python omni-completion executing import and from statements harvested from the current buffer through exec() (gate buffer-derived import execution behind the new g:pythoncomplete_allow_import option, disabled by default)
- debian/patches/CVE-2026-52858.patch: disable execution of import and from statements found in the buffer during python3complete and pythoncomplete omni-completion unless g:pythoncomplete_allow_import is set
- CVE-2026-52858
* SECURITY UPDATE: Out-of-bounds read in update_snapshot() in src/terminal.c when a terminal cell fills all VTERM_MAX_CHARS_PER_CELL slots and the bundled libvterm returns the chars array without a NUL terminator
- debian/patches/CVE-2026-52859.patch: bound the cell.chars[] copy loop in update_snapshot() with i < VTERM_MAX_CHARS_PER_CELL to prevent reading past the fixed six-element array
- CVE-2026-52859
* SECURITY UPDATE: Code execution via Python omni-completion evaluating function default values, parameter annotations, and class base expressions reconstructed from the current buffer and run through exec()
- debian/patches/CVE-2026-52860.patch: strip default expressions and annotations from generated function parameters and whitelist dotted class base expressions in python3complete and pythoncomplete get_code() so attacker-controlled expressions are not executed
- CVE-2026-52860
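
The bounds check described for CVE-2026-52859, as an added example that is not taken from the Vim source or the Debian patch. The struct, function names and sample code points are assumptions made for illustration; only VTERM_MAX_CHARS_PER_CELL and the six-element chars array come from the description above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The description above calls this a fixed six-element array. */
#define VTERM_MAX_CHARS_PER_CELL 6

/* Hypothetical stand-in for a terminal cell: only the field used here. */
typedef struct {
    uint32_t chars[VTERM_MAX_CHARS_PER_CELL];
} model_cell_T;

/*
 * Copy the code points of one cell into out[] and return how many were
 * copied. A loop that stops only on a zero element, e.g.
 *     for (i = 0; cell->chars[i] != 0; ++i)
 * depends on a NUL terminator that is absent when all six slots are in
 * use, so it would read past the array. The index bound removes that
 * dependency; out_len additionally protects the destination.
 */
size_t copy_cell_chars(const model_cell_T *cell, uint32_t *out, size_t out_len)
{
    size_t i;

    for (i = 0; i < VTERM_MAX_CHARS_PER_CELL && i < out_len
                && cell->chars[i] != 0; ++i)
        out[i] = cell->chars[i];
    return i;
}

/* Constructed sample: a base letter plus five combining marks, no NUL. */
size_t demo_full_cell(void)
{
    model_cell_T cell = {{0x61, 0x301, 0x302, 0x303, 0x304, 0x305}};
    uint32_t out[VTERM_MAX_CHARS_PER_CELL];
    return copy_cell_chars(&cell, out, VTERM_MAX_CHARS_PER_CELL);
}

/* Constructed sample: two code points followed by the usual terminator. */
size_t demo_short_cell(void)
{
    model_cell_T cell = {{0x61, 0x301, 0, 0, 0, 0}};
    uint32_t out[VTERM_MAX_CHARS_PER_CELL];
    return copy_cell_chars(&cell, out, VTERM_MAX_CHARS_PER_CELL);
}

int main(void)
{
    printf("full cell: %zu, short cell: %zu\n",
           demo_full_cell(), demo_short_cell());
    return 0;
}
```
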
Updated packages:
- vim_8.1.0875-5+deb10u6+tuxcare.els22_amd64.deb
  sha:475638e80ccd77a652664a692cf59e1ef8d5cbb7
- vim-athena_8.1.0875-5+deb10u6+tuxcare.els22_amd64.deb
  sha:545cdef20117b1e685df9fd676b90d515dc73a1a
- vim-common_8.1.0875-5+deb10u6+tuxcare.els22_all.deb
  sha:a601f2a6939228a0c09666d4c96a9392f2b17341
- vim-doc_8.1.0875-5+deb10u6+tuxcare.els22_all.deb
  sha:08e787b63edf35b80e85d89594c9eff84c7ef9ea
- vim-gtk_8.1.0875-5+deb10u6+tuxcare.els22_amd64.deb
  sha:c60257f15e1b40391efcf4630bed0e1f1b2bb167
- vim-gtk3_8.1.0875-5+deb10u6+tuxcare.els22_amd64.deb
  sha:cc9f0b3aedd849d0be24b7f23ff7979832094ac7
- vim-gui-common_8.1.0875-5+deb10u6+tuxcare.els22_all.deb
  sha:a05b891836375bda521b17c4311de10e02193c47
- vim-nox_8.1.0875-5+deb10u6+tuxcare.els22_amd64.deb
  sha:990b1a3b4fb9dc4f5537fb7c9b972596059225ea
- vim-runtime_8.1.0875-5+deb10u6+tuxcare.els22_all.deb
  sha:65403283669664931eb86e6b612afcb819e04d61
- vim-tiny_8.1.0875-5+deb10u6+tuxcare.els22_amd64.deb
  sha:c8b3208d49d76c072a3ceab9ade50296321655ad
- xxd_8.1.0875-5+deb10u6+tuxcare.els22_amd64.deb
  sha:554416a35cc9d8d324e7212de90f67c88409646a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.