Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1d98a3df by Salvatore Bonaccorso at 2026-06-10T22:53:34+02:00
Add some new erlang issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -110,9 +110,15 @@ CVE-2026-49822 (Fission is an open-source,
Kubernetes-native serverless framewor
CVE-2026-49821 (Fission is an open-source, Kubernetes-native serverless
framework that ...)
NOT-FOR-US: Fission
CVE-2026-49760 (Stack-based Buffer Overflow vulnerability in Erlang OTP
(erl_interface ...)
- TODO: check
+ - erlang <unfixed>
+ NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-49760
+ NOTE: https://cna.erlef.org/cves/CVE-2026-49760.html
+ NOTE: Fixed by:
https://github.com/erlang/otp/commit/0bef277b2d39dc8babb9ceb4f5d0a456f3007111
(OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-49759 (Stack-based Buffer Overflow vulnerability in Erlang OTP erts
(inet_drv ...)
- TODO: check
+ - erlang <unfixed>
+ NOTE: https://cna.erlef.org/cves/CVE-2026-49759.html
+ NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-49759
+ NOTE: Fixed by:
https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e
(OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-49498 (Ghidra 11.0 before 12.1 contains a SQL injection vulnerability
in the ...)
TODO: check
CVE-2026-49497 (Ghidra before 12.1 contains a path traversal vulnerability in
SameDirD ...)
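Review bot: the NOTE order in the CVE-2026-49760 entry differs from every other erlang entry in this commit: it lists the osv.dev link before the cna.erlef.org link, while CVE-2026-49759 directly below (and the entries in the next hunk) put cna.erlef.org first. Swap the two NOTE lines under CVE-2026-49760 so the references read in the same order throughout. Both entries also name the affected component only in the truncated description (erl_interface, erts inet_drv); nothing else needs changing here.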
@@ -124,15 +130,36 @@ CVE-2026-49495 (Ghidra 10.2 before 12.1 contains an
uncontrolled resource consum
CVE-2026-49069 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48860 (Reliance on IP Address for Authentication vulnerability in
Erlang/OTP ...)
- TODO: check
+ - erlang <unfixed>
+ NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv
+ NOTE: https://cna.erlef.org/cves/CVE-2026-48860.html
+ NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48860
+ NOTE: Fixed by:
https://github.com/erlang/otp/commit/0209a6df65d605552b378273027b3968b35f26b4
(OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-48859 (Observable Timing Discrepancy vulnerability in Erlang/OTP ssh
(ssh_aut ...)
- TODO: check
+ - erlang <not-affected> (Vulnerable code not present)
+ NOTE: https://cna.erlef.org/cves/CVE-2026-48859.html
+ NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48859
+ NOTE: Introduced with:
https://github.com/erlang/otp/commit/032d1bc9491a3975c68faf9bc7776115d6ae3005
(OTP-29.0-rc2)
+ NOTE: Fixed by:
https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf
(OTP-29.0.2)
CVE-2026-48858 (Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP
ftp (ft ...)
- TODO: check
+ - erlang <unfixed>
+ NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq
+ NOTE: https://cna.erlef.org/cves/CVE-2026-48858.html
+ NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48858
+ NOTE: Fixed by:
https://github.com/erlang/otp/commit/2691a806231ffd0490a8a9e20500dec0c7e73727
(OTP-29.0.2, OTP-28.5.0.2)
+ NOTE: Fixed by:
https://github.com/erlang/otp/commit/521bcfa24407ee8cb5614823cf905c37ea3aa605
(OTP-27.3.4.13)
CVE-2026-48856 (Sensitive Data Exposure vulnerability in Erlang OTP inets
(httpc_respo ...)
- TODO: check
+ - erlang <unfixed>
+ NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh
+ NOTE: https://cna.erlef.org/cves/CVE-2026-48856.html
+ NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48856
+ NOTE: Fixed by:
https://github.com/erlang/otp/commit/688d748d6f7a6a06b13b662a1d3de8af97079612
(OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-48855 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ - erlang <unfixed>
+ NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh
+ NOTE: https://cna.erlef.org/cves/CVE-2026-48855.html
+ NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48855
+ NOTE: Fixed by:
https://github.com/erlang/otp/commit/8f4224a0d2676b0653d2c71a889a956e8c2c62d6
(OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-48556
REJECTED
CVE-2026-48096 (OpenFGA is an authorization/permission engine built for
developers. Pr ...)
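Review bot: in the CVE-2026-48859 entry, `<not-affected> (Vulnerable code not present)` rests entirely on the "Introduced with" note (OTP-29.0-rc2), so it is only correct if no suite, experimental included, has carried an erlang build from 29.0-rc2 up to but not including the fixed OTP-29.0.2; the visible lines do not record that this was checked. If an OTP 29 pre-release was ever uploaded, this should become a versioned entry instead. This entry is also the only erlang entry in the hunk without a GHSA advisory NOTE; add one if an advisory exists.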
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d98a3dff2803cb0014b79584106fe6a7e631f44