Please note that there is a separate issue for the same vulnerability in the vim package: boo#1126750