[Git][security-tracker-team/security-tracker][master] Add CVE-2026-2474/libcrypt-urandom-perl

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88b6c1da by Salvatore Bonaccorso at 2026-02-17T05:57:27+01:00
Add CVE-2026-2474/libcrypt-urandom-perl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2026-2474 [heap buffer overflow in the XS function crypt_urandom_getrandom()]
+	- libcrypt-urandom-perl 0.55-1
+	[bookworm] - libcrypt-urandom-perl <not-affected> (Vulnerable code introduced later in 0.41)
+	[bullseye] - libcrypt-urandom-perl <not-affected> (Vulnerable code introduced later in 0.41)
+	NOTE: Fixed by: https://github.com/david-dick/crypt-urandom/commit/124e2c2d32bfd637fd06f81f832fa8a4627cdc2b
+	NOTE: https://lists.security.metacpan.org/cve-announce/msg/37085458/
 CVE-2026-2577 (The WhatsApp bridge component in Nanobot binds the WebSocket server to ...)
 	NOT-FOR-US: Nanobot
 CVE-2026-2567 (A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vuln ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88b6c1da8dd652c808fffb0540a037d5ffe691ef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88b6c1da8dd652c808fffb0540a037d5ffe691ef
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260217/18641833/attachment.htm>