Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3cd0145d by Salvatore Bonaccorso at 2026-06-05T06:31:59+02:00
Track fixes for radare2 via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11650,7 +11650,7 @@ CVE-2026-46719 (Net::Statsd::Lite versions before 0.9.0
for Perl allowed metric
NOT-FOR-US: Net::Statsd::Lite Perl module
CVE-2026-8696 (radare2 6.1.5 contains a use-after-free vulnerability in the
gdbr_pids ...)
[experimental] - radare2 6.1.6+ds-1
- - radare2 <unfixed> (bug #1136830)
+ - radare2 6.1.6+ds-2 (bug #1136830)
NOTE: https://github.com/radareorg/radare2/issues/25836
NOTE:
https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c
CVE-2026-8681 (The Essential Chat Support plugin for WordPress is vulnerable
to autho ...)
@@ -11812,7 +11812,7 @@ CVE-2026-46433 [Heap OOB Read in VLAN Decapsulation
memmove]
NOTE: Fixed by:
https://github.com/lldpd/lldpd/commit/ca931be63a9cae0fcd8e9b6ae4e916d49f141cd6
(1.0.22)
CVE-2026-8695 (radare2 6.1.5 contains a use-after-free vulnerability in the
gdbr_thre ...)
[experimental] - radare2 6.1.6+ds-1
- - radare2 <unfixed> (bug #1136831)
+ - radare2 6.1.6+ds-2 (bug #1136831)
NOTE: https://github.com/radareorg/radare2/issues/25835
NOTE: https://github.com/radareorg/radare2/issues/25836
NOTE:
https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c
@@ -26816,12 +26816,12 @@ CVE-2026-6942 (radare2-mcp version 1.6.0 and earlier
contains an os command inje
NOT-FOR-US: radare2-mcp
CVE-2026-6941 (radare2 prior to 6.1.4 contains a path traversal vulnerability
in its ...)
[experimental] - radare2 6.1.4+ds-1
- - radare2 <unfixed> (bug #1134886)
+ - radare2 6.1.6+ds-2 (bug #1134886)
NOTE:
https://github.com/radareorg/radare2/commit/4bcdee725ff0754ed721a98789c0af371c5f32a4
NOTE: https://github.com/radareorg/radare2/pull/25831
CVE-2026-6940 (radare2 prior to 6.1.4 contains a path traversal vulnerability
in proj ...)
[experimental] - radare2 6.1.4+ds-1
- - radare2 <unfixed> (bug #1134885)
+ - radare2 6.1.6+ds-2 (bug #1134885)
NOTE: https://github.com/radareorg/radare2/pull/25830
NOTE:
https://github.com/radareorg/radare2/commit/e5fcf56fe038760c872c6dbed432602778fde1ed
CVE-2026-6810 (The Booking Calendar Contact Form plugin for WordPress is
vulnerable t ...)
@@ -27422,7 +27422,7 @@ CVE-2026-40529 (CMS ALAYA provided by KANATA Limited
contains an SQL injection v
NOT-FOR-US: CMS ALAYA
CVE-2026-40517 (radare2 prior to 6.1.4 contains a command injection
vulnerability in t ...)
[experimental] - radare2 6.1.4+ds-1
- - radare2 <unfixed> (bug #1134893)
+ - radare2 6.1.6+ds-2 (bug #1134893)
NOTE: https://github.com/radareorg/radare2/issues/25730
NOTE: https://github.com/radareorg/radare2/pull/25731
NOTE: Fixed by:
https://github.com/radareorg/radare2/commit/0e38152560e689327a74d2944fa45ba7afd4cb33
(6.1.4)
@@ -30358,7 +30358,7 @@ CVE-2026-40572 (NovumOS is a custom 32-bit operating
system written in Zig and x
NOT-FOR-US: NovumOS
CVE-2026-40527 (radare2 prior to commit bc5a890 contains a command injection
vulnerabi ...)
[experimental] - radare2 6.1.4+ds-1
- - radare2 <unfixed> (bug #1134621)
+ - radare2 6.1.6+ds-2 (bug #1134621)
NOTE: https://github.com/radareorg/radare2/pull/25821
NOTE:
https://github.com/radareorg/radare2/commit/bc5a89033db3ecb5b1f7bf681fc6ba4dcfc14683
CVE-2026-40494 (SAIL is a cross-platform library for loading and saving images
with su ...)
@@ -31714,7 +31714,7 @@ CVE-2026-40683 (In OpenStack Keystone before 28.0.1,
the LDAP identity backend d
NOTE: https://review.opendev.org/c/openstack/keystone/+/958205
CVE-2026-40499 (radare2 prior to version 6.1.4 contains a command injection
vulnerabil ...)
[experimental] - radare2 6.1.4+ds-1
- - radare2 <unfixed> (bug #1134622)
+ - radare2 6.1.6+ds-2 (bug #1134622)
NOTE: https://github.com/radareorg/radare2/pull/25731
NOTE: https://github.com/radareorg/radare2/issues/25752
NOTE: Fixed by:
https://github.com/radareorg/radare2/commit/5590c87deeb7eb2a106fd7aab9ca88bfeebb7397
(6.1.4)
@@ -49369,7 +49369,7 @@ CVE-2026-4175 (A vulnerability was determined in Aureus
ERP up to 1.3.0-BETA2. T
NOT-FOR-US: Aureus ERP
CVE-2026-4174 (A vulnerability has been found in Radare2 5.9.9. This issue
affects th ...)
[experimental] - radare2 6.1.4+ds-1
- - radare2 <unfixed> (bug #1132232)
+ - radare2 6.1.6+ds-2 (bug #1132232)
NOTE: https://github.com/radareorg/radare2/issues/25482
NOTE: Fixed by:
https://github.com/radareorg/radare2/commit/4371ae84c99c46b48cb21badbbef06b30757aba0
(6.1.2)
CVE-2026-4173 (A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This
vulnera ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cd0145d4382eead2d7d37786cf55ee05368d7e8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cd0145d4382eead2d7d37786cf55ee05368d7e8
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
