[Git][security-tracker-team/security-tracker][master] Track fixes for radare2 via experimental

Fri, 15 May 2026 14:07:09 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
53a0aac0 by Salvatore Bonaccorso at 2026-05-15T23:06:28+02:00
Track fixes for radare2 via experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14380,10 +14380,12 @@ CVE-2026-6947 (DWM-222W USB Wi-Fi Adapter developed 
by D-Link has a Brute-Force
 CVE-2026-6942 (radare2-mcp version 1.6.0 and earlier contains an os command 
injection ...)
        NOT-FOR-US: radare2-mcp
 CVE-2026-6941 (radare2 prior to 6.1.4 contains a path traversal vulnerability 
in its  ...)
+       [experimental] - radare2 6.1.4+ds-1
        - radare2 <unfixed> (bug #1134886)
        NOTE: 
https://github.com/radareorg/radare2/commit/4bcdee725ff0754ed721a98789c0af371c5f32a4
        NOTE: https://github.com/radareorg/radare2/pull/25831
 CVE-2026-6940 (radare2 prior to 6.1.4 contains a path traversal vulnerability 
in proj ...)
+       [experimental] - radare2 6.1.4+ds-1
        - radare2 <unfixed> (bug #1134885)
        NOTE: https://github.com/radareorg/radare2/pull/25830
        NOTE: 
https://github.com/radareorg/radare2/commit/e5fcf56fe038760c872c6dbed432602778fde1ed
@@ -14983,6 +14985,7 @@ CVE-2026-40882 (OpenRemote is an open-source 
internet-of-things platform. Prior
 CVE-2026-40529 (CMS ALAYA provided by KANATA Limited contains an SQL injection 
vulnera ...)
        NOT-FOR-US: CMS ALAYA
 CVE-2026-40517 (radare2 prior to 6.1.4 contains a command injection 
vulnerability in t ...)
+       [experimental] - radare2 6.1.4+ds-1
        - radare2 <unfixed> (bug #1134893)
        NOTE: https://github.com/radareorg/radare2/issues/25730
        NOTE: https://github.com/radareorg/radare2/pull/25731
@@ -17894,6 +17897,7 @@ CVE-2026-40581 (ChurchCRM is an open-source church 
management system. In version
 CVE-2026-40572 (NovumOS is a custom 32-bit operating system written in Zig and 
x86 Ass ...)
        NOT-FOR-US: NovumOS
 CVE-2026-40527 (radare2 prior to commit bc5a890 contains a command injection 
vulnerabi ...)
+       [experimental] - radare2 6.1.4+ds-1
        - radare2 <unfixed> (bug #1134621)
        NOTE: https://github.com/radareorg/radare2/pull/25821
        NOTE: 
https://github.com/radareorg/radare2/commit/bc5a89033db3ecb5b1f7bf681fc6ba4dcfc14683
@@ -19233,6 +19237,7 @@ CVE-2026-40683 (In OpenStack Keystone before 28.0.1, 
the LDAP identity backend d
        [bookworm] - keystone <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://review.opendev.org/c/openstack/keystone/+/958205
 CVE-2026-40499 (radare2 prior to version 6.1.4 contains a command injection 
vulnerabil ...)
+       [experimental] - radare2 6.1.4+ds-1
        - radare2 <unfixed> (bug #1134622)
        NOTE: https://github.com/radareorg/radare2/pull/25731
        NOTE: https://github.com/radareorg/radare2/issues/25752
@@ -36758,6 +36763,7 @@ CVE-2026-4180 (A vulnerability was identified in D-Link 
DIR-816 1.10CNB05. The i
 CVE-2026-4175 (A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. 
The af ...)
        NOT-FOR-US: Aureus ERP
 CVE-2026-4174 (A vulnerability has been found in Radare2 5.9.9. This issue 
affects th ...)
+       [experimental] - radare2 6.1.4+ds-1
        - radare2 <unfixed> (bug #1132232)
        NOTE: https://github.com/radareorg/radare2/issues/25482
        NOTE: Fixed by: 
https://github.com/radareorg/radare2/commit/4371ae84c99c46b48cb21badbbef06b30757aba0
 (6.1.2)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53a0aac0b21b7ac9665f4f5e82bbd12b1b3eee8a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53a0aac0b21b7ac9665f4f5e82bbd12b1b3eee8a
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to