new file mode 100644

@@ -0,0 +1,13 @@

+diff -rup vim74/src/spell.c vim74-new/src/spell.c

+--- vim74/src/spell.c	2013-07-17 08:28:28.000000000 -0700

+@@ -4043,6 +4043,9 @@ spell_read_tree(fd, bytsp, idxsp, prefix

+     len = get4c(fd);

+     if (len < 0)

+ 	return SP_TRUNCERROR;

++    if (len >= 0x3fffffff)

++        /* Invalid length, multiply with sizeof(int) would overflow. */

++        return SP_FORMERROR;    

+     if (len > 0)

+     {

+ 	/* Allocate the byte array. */

@@ -3,7 +3,7 @@

 Summary:    Text editor

 Name:       vim

 Version:    7.4

-Release:    8%{?dist}

+Release:    9%{?dist}

 License:    Charityware

 URL:        http://www.vim.org

 Group:      Applications/Editors

@@ -12,6 +12,7 @@ Distribution:   Photon

 Source0:    %{name}-%{version}.tar.bz2

 %define sha1 vim=601abf7cc2b5ab186f40d8790e542f86afca86b7

 Patch0:         vim-CVE-2016-1248.patch

+Patch1:         vim-7.4-CVE-2017-5953.patch

 BuildRequires:  ncurses-devel

 Requires:   tcsh

@@ -29,6 +30,7 @@ The vim extra package contains a extra files for powerful text editor.

 %prep

 %setup -q -n %{name}74

 %patch0 -p1

+%patch1 -p1

 echo '#define SYS_VIMRC_FILE "/etc/vimrc"' >> src/feature.h

 %build

 ./configure \

@@ -157,6 +159,8 @@ make test

 %{_bindir}/vimdiff

 %changelog

+*   Fri Feb 17 2017 Anish Swaminathan <anishs@vmware.com>  7.4-9

+-   Fix for CVE-2017-5953

 *   Fri Nov 18 2016 Anish Swaminathan <anishs@vmware.com>  7.4-8

 -   Fix for CVE-2016-1248

 *   Wed Oct 05 2016 ChangLee <changlee@vmware.com> 7.4-7