Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d6fbeb96 by Salvatore Bonaccorso at 2026-07-05T21:14:51+02:00
Track fixed version for erlang issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1092,14 +1092,14 @@ CVE-2026-56037 (Deserialization of Untrusted Data
vulnerability in Themify Themi
CVE-2026-56004 (A shellcode injection in the mercurial handler of the obs
tar_scm sour ...)
TODO: check
CVE-2026-55952 (The Erlang/OTP ssl application does not validate that the PSK
identity ...)
- - erlang <unfixed> (bug #1141414)
+ - erlang 1:29.0.3+dfsg-1 (bug #1141414)
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-55952
NOTE: https://cna.erlef.org/cves/CVE-2026-55952.html
NOTE:
https://github.com/erlang/otp/commit/095f744713c325acdbd18c23e397f04593c06275
(OTP-29.0.3)
NOTE:
https://github.com/erlang/otp/commit/2c3e599797644310e5d4aa39c7193420e59dadff
(OTP-28.5.0.3)
NOTE:
https://github.com/erlang/otp/commit/9b5437c72fa3403a75c1aba28e5c532bc191c662
(OTP-27.3.4.14)
CVE-2026-55950 (Time-of-check Time-of-use (TOCTOU) race condition
vulnerability in Erl ...)
- - erlang <unfixed> (bug #1141414)
+ - erlang 1:29.0.3+dfsg-1 (bug #1141414)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-hwfc-5hf4-gvr3
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-55950
NOTE: https://cna.erlef.org/cves/CVE-2026-55950.html
@@ -1125,19 +1125,19 @@ CVE-2026-55111 (A malicious actor with access to the
network could exploit a Pat
CVE-2026-55110 (A malicious actor who lures an authenticated user to a
malicious page ...)
NOT-FOR-US: UniFi
CVE-2026-54891 (Improper Enforcement of Message Integrity During Transmission
in a Com ...)
- - erlang <unfixed> (bug #1141414)
+ - erlang 1:29.0.3+dfsg-1 (bug #1141414)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-gf6r-99xw-6qg6
NOTE: https://cna.erlef.org/cves/CVE-2026-54891.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-54891
NOTE:
https://github.com/erlang/otp/commit/07d2d0e93f6aaf7652a81e8df075fc1728da5e96
(OTP-29.0.3, OTP-28.5.0.3, OTP-27.3.4.14)
CVE-2026-54887 (Use of Default Cryptographic Key vulnerability in Erlang/OTP
ssl (DTLS ...)
- - erlang <unfixed> (bug #1141414)
+ - erlang 1:29.0.3+dfsg-1 (bug #1141414)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-p2m2-3c2w-8jp8
NOTE: https://cna.erlef.org/cves/CVE-2026-54887.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-54887
NOTE:
https://github.com/erlang/otp/commit/888e3bcd72d5406016b9e0de741026bc2a6f114d
(OTP-29.0.3, OTP-28.5.0.3, OTP-27.3.4.14)
CVE-2026-54886 (Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability i ...)
- - erlang <unfixed> (bug #1141414)
+ - erlang 1:29.0.3+dfsg-1 (bug #1141414)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-7wp4-pc27-2vj9
NOTE: https://cna.erlef.org/cves/CVE-2026-54886.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-54886
@@ -1169,7 +1169,7 @@ CVE-2026-54401 (A malicious actor with access to the
network and low privileges
CVE-2026-54400 (A malicious actor with access to the network and high
privileges could ...)
NOT-FOR-US: UniFi
CVE-2026-53422 (Observable Response Discrepancy vulnerability in Erlang OTP
ssh (ssh_s ...)
- - erlang <unfixed> (bug #1141414)
+ - erlang 1:29.0.3+dfsg-1 (bug #1141414)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-h9pw-h5w4-h976
NOTE: https://cna.erlef.org/cves/CVE-2026-53422.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-53422
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6fbeb96a1bc0fd8c2b433510ed3a8d822a3a8c3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6fbeb96a1bc0fd8c2b433510ed3a8d822a3a8c3
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits