Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bf97fb0b by Salvatore Bonaccorso at 2026-06-12T20:55:37+02:00
Track fixed version for erlang issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -806,12 +806,12 @@ CVE-2026-49822 (Fission is an open-source,
Kubernetes-native serverless framewor
CVE-2026-49821 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
NOT-FOR-US: Fission
CVE-2026-49760 (Stack-based Buffer Overflow vulnerability in Erlang OTP
(erl_interface ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-49760
NOTE: https://cna.erlef.org/cves/CVE-2026-49760.html
NOTE: Fixed by:
https://github.com/erlang/otp/commit/0bef277b2d39dc8babb9ceb4f5d0a456f3007111
(OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-49759 (Stack-based Buffer Overflow vulnerability in Erlang OTP erts
(inet_drv ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE: https://cna.erlef.org/cves/CVE-2026-49759.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-49759
NOTE: Fixed by:
https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e
(OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
@@ -826,7 +826,7 @@ CVE-2026-49495 (Ghidra 10.2 before 12.1 contains an
uncontrolled resource consum
CVE-2026-49069 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48860 (Reliance on IP Address for Authentication vulnerability in
Erlang/OTP ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv
NOTE: https://cna.erlef.org/cves/CVE-2026-48860.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48860
@@ -838,20 +838,20 @@ CVE-2026-48859 (Observable Timing Discrepancy
vulnerability in Erlang/OTP ssh (s
NOTE: Introduced with:
https://github.com/erlang/otp/commit/032d1bc9491a3975c68faf9bc7776115d6ae3005
(OTP-29.0-rc2)
NOTE: Fixed by:
https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf
(OTP-29.0.2)
CVE-2026-48858 (Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP
ftp (ft ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq
NOTE: https://cna.erlef.org/cves/CVE-2026-48858.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48858
NOTE: Fixed by:
https://github.com/erlang/otp/commit/2691a806231ffd0490a8a9e20500dec0c7e73727
(OTP-29.0.2, OTP-28.5.0.2)
NOTE: Fixed by:
https://github.com/erlang/otp/commit/521bcfa24407ee8cb5614823cf905c37ea3aa605
(OTP-27.3.4.13)
CVE-2026-48856 (Sensitive Data Exposure vulnerability in Erlang OTP inets
(httpc_respo ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh
NOTE: https://cna.erlef.org/cves/CVE-2026-48856.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48856
NOTE: Fixed by:
https://github.com/erlang/otp/commit/688d748d6f7a6a06b13b662a1d3de8af97079612
(OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-48855 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh
NOTE: https://cna.erlef.org/cves/CVE-2026-48855.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48855
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf97fb0b20d5ca0a0763df19904cc31f8e7071b6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf97fb0b20d5ca0a0763df19904cc31f8e7071b6
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits