Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ea4b25e by Salvatore Bonaccorso at 2026-05-28T13:31:37+02:00
Add new erlang issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1111,11 +1111,29 @@ CVE-2026-42879 (FacturaScripts is an open source
accounting and invoicing softwa
CVE-2026-42878 (FacturaScripts is an open source accounting and invoicing
software. Pr ...)
TODO: check
CVE-2026-42791 (Improper Certificate Validation vulnerability in Erlang OTP
public_key ...)
- TODO: check
+ - erlang 1:27.3.4.12+dfsg-1
+ [bookworm] - erlang <not-affected> (Vulnerable code not present)
+ [bullseye] - erlang <not-affected> (Vulnerable code not present)
+ NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff
+ NOTE: https://cna.erlef.org/cves/CVE-2026-42791.html
+ NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-42791
+ NOTE:
https://github.com/erlang/otp/commit/7995f1fdaee3da569bb810358ce0f546471d169b
(OTP-27.3.4.12)
+ NOTE:
https://github.com/erlang/otp/commit/b3870e02405c709a872b01ba6086065620cdfe76
(OTP-29.0.1, OTP-28.5.0.1)
CVE-2026-42790 (Improper Certificate Validation vulnerability in Erlang OTP
public_key ...)
- TODO: check
+ - erlang 1:27.3.4.12+dfsg-1
+ NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447
+ NOTE: https://cna.erlef.org/cves/CVE-2026-42790.html
+ NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-42790
+ NOTE:
https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759
(OTP-26.2.5.21)
+ NOTE:
https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457
(OTP-27.3.4.12)
+ NOTE:
https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a
(OTP-29.0.1, OTP-28.5.0.1)
CVE-2026-42789 (Improper Following of a Certificate's Chain of Trust
vulnerability in ...)
- TODO: check
+ - erlang 1:27.3.4.12+dfsg-1
+ NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq
+ NOTE: https://cna.erlef.org/cves/CVE-2026-42789.html
+ NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-42789
+ NOTE:
https://github.com/erlang/otp/commit/471cd2f664300a95353c467873800bbe706005db
(OTP-26.2.5.21)
+ NOTE:
https://github.com/erlang/otp/commit/59c8d824386b2eb1614ff9340624843ef6aca0fd
(OTP-29.0.1, OTP-28.5.0.1, OTP-27.3.4.12)
CVE-2026-42762 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-42761 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
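Review bot: In the CVE-2026-42791 entry, the bookworm and bullseye lines marked `<not-affected> (Vulnerable code not present)` have no NOTE naming the commit or OTP release that introduced the vulnerable code, so the claim cannot be verified from the entry itself. Consider adding a NOTE that points at the introducing change. The fix references for this CVE cover only OTP-27.3.4.12, OTP-29.0.1 and OTP-28.5.0.1, while CVE-2026-42790 and CVE-2026-42789 also reference an OTP-26.2.5.21 fix and carry no per-release annotations. That is consistent with older branches being affected by those two, but a short NOTE stating so would make the difference between the three entries explicit.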
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ea4b25e38faaf197b58cb52469348989affc841