[Git][security-tracker-team/security-tracker][master] Track fixes for radare2 via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 5 05:32:29 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3cd0145d by Salvatore Bonaccorso at 2026-06-05T06:31:59+02:00
Track fixes for radare2 via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11650,7 +11650,7 @@ CVE-2026-46719 (Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric
 	NOT-FOR-US: Net::Statsd::Lite Perl module
 CVE-2026-8696 (radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids ...)
 	[experimental] - radare2 6.1.6+ds-1
-	- radare2 <unfixed> (bug #1136830)
+	- radare2 6.1.6+ds-2 (bug #1136830)
 	NOTE: https://github.com/radareorg/radare2/issues/25836
 	NOTE: https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c
 CVE-2026-8681 (The Essential Chat Support plugin for WordPress is vulnerable to autho ...)
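Review bot: The commit NOTE under CVE-2026-8696 carries no "Fixed by:" prefix and no upstream version, so the entry does not show which upstream release backs the new 6.1.6+ds-2 fixed version. If c213ad6894a1 is the fixing commit, write it as "NOTE: Fixed by: <commit url> (<upstream version>)", the form the CVE-2026-40517 and CVE-2026-4174 entries already use.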
@@ -11812,7 +11812,7 @@ CVE-2026-46433 [Heap OOB Read in VLAN Decapsulation memmove]
 	NOTE: Fixed by: https://github.com/lldpd/lldpd/commit/ca931be63a9cae0fcd8e9b6ae4e916d49f141cd6 (1.0.22)
 CVE-2026-8695 (radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_thre ...)
 	[experimental] - radare2 6.1.6+ds-1
-	- radare2 <unfixed> (bug #1136831)
+	- radare2 6.1.6+ds-2 (bug #1136831)
 	NOTE: https://github.com/radareorg/radare2/issues/25835
 	NOTE: https://github.com/radareorg/radare2/issues/25836
 	NOTE: https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c
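Review bot: CVE-2026-8695 cites both issues/25835 and issues/25836, and 25836 is also the only issue cited for CVE-2026-8696, with the same commit c213ad6894a1. Please confirm that 25836 belongs in this entry and was not carried over from the other one; if the single commit fixes both use-after-free reports, a short NOTE saying so would make the shared references unambiguous.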
@@ -26816,12 +26816,12 @@ CVE-2026-6942 (radare2-mcp version 1.6.0 and earlier contains an os command inje
 	NOT-FOR-US: radare2-mcp
 CVE-2026-6941 (radare2 prior to 6.1.4 contains a path traversal vulnerability in its  ...)
 	[experimental] - radare2 6.1.4+ds-1
-	- radare2 <unfixed> (bug #1134886)
+	- radare2 6.1.6+ds-2 (bug #1134886)
 	NOTE: https://github.com/radareorg/radare2/commit/4bcdee725ff0754ed721a98789c0af371c5f32a4
 	NOTE: https://github.com/radareorg/radare2/pull/25831
 CVE-2026-6940 (radare2 prior to 6.1.4 contains a path traversal vulnerability in proj ...)
 	[experimental] - radare2 6.1.4+ds-1
-	- radare2 <unfixed> (bug #1134885)
+	- radare2 6.1.6+ds-2 (bug #1134885)
 	NOTE: https://github.com/radareorg/radare2/pull/25830
 	NOTE: https://github.com/radareorg/radare2/commit/e5fcf56fe038760c872c6dbed432602778fde1ed
 CVE-2026-6810 (The Booking Calendar Contact Form plugin for WordPress is vulnerable t ...)
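Review bot: The NOTE lines for CVE-2026-6941 and CVE-2026-6940 are ordered differently (commit then pull for 6941, pull then commit for 6940), and neither commit is tagged "Fixed by:" with an upstream version. Both descriptions say "prior to 6.1.4", so consider listing the pull request first in both entries and writing the commit line as "NOTE: Fixed by: <commit url> (6.1.4)".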
@@ -27422,7 +27422,7 @@ CVE-2026-40529 (CMS ALAYA provided by KANATA Limited contains an SQL injection v
 	NOT-FOR-US: CMS ALAYA
 CVE-2026-40517 (radare2 prior to 6.1.4 contains a command injection vulnerability in t ...)
 	[experimental] - radare2 6.1.4+ds-1
-	- radare2 <unfixed> (bug #1134893)
+	- radare2 6.1.6+ds-2 (bug #1134893)
 	NOTE: https://github.com/radareorg/radare2/issues/25730
 	NOTE: https://github.com/radareorg/radare2/pull/25731
 	NOTE: Fixed by: https://github.com/radareorg/radare2/commit/0e38152560e689327a74d2944fa45ba7afd4cb33 (6.1.4)
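Review bot: pull/25731 in the CVE-2026-40517 entry is also cited under CVE-2026-40499, which names a different issue (25752 rather than 25730) and a different fixing commit (5590c87deeb7 rather than 0e38152560e6). Please confirm the pull request reference is correct in both entries, or add a NOTE stating that the one pull request carried both fixes.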
@@ -30358,7 +30358,7 @@ CVE-2026-40572 (NovumOS is a custom 32-bit operating system written in Zig and x
 	NOT-FOR-US: NovumOS
 CVE-2026-40527 (radare2 prior to commit bc5a890 contains a command injection vulnerabi ...)
 	[experimental] - radare2 6.1.4+ds-1
-	- radare2 <unfixed> (bug #1134621)
+	- radare2 6.1.6+ds-2 (bug #1134621)
 	NOTE: https://github.com/radareorg/radare2/pull/25821
 	NOTE: https://github.com/radareorg/radare2/commit/bc5a89033db3ecb5b1f7bf681fc6ba4dcfc14683
 CVE-2026-40494 (SAIL is a cross-platform library for loading and saving images with su ...)
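Review bot: CVE-2026-40527 is described only as "prior to commit bc5a890", and its commit NOTE has no "Fixed by:" tag or upstream version, so nothing in the entry ties that commit to the 6.1.4+ds-1 and 6.1.6+ds-2 versions recorded above it. Suggest "NOTE: Fixed by: <commit url> (<first upstream release containing it>)" so the fixed versions can be checked against the upstream release.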
@@ -31714,7 +31714,7 @@ CVE-2026-40683 (In OpenStack Keystone before 28.0.1, the LDAP identity backend d
 	NOTE: https://review.opendev.org/c/openstack/keystone/+/958205
 CVE-2026-40499 (radare2 prior to version 6.1.4 contains a command injection vulnerabil ...)
 	[experimental] - radare2 6.1.4+ds-1
-	- radare2 <unfixed> (bug #1134622)
+	- radare2 6.1.6+ds-2 (bug #1134622)
 	NOTE: https://github.com/radareorg/radare2/pull/25731
 	NOTE: https://github.com/radareorg/radare2/issues/25752
 	NOTE: Fixed by: https://github.com/radareorg/radare2/commit/5590c87deeb7eb2a106fd7aab9ca88bfeebb7397 (6.1.4)
@@ -49369,7 +49369,7 @@ CVE-2026-4175 (A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. T
 	NOT-FOR-US: Aureus ERP
 CVE-2026-4174 (A vulnerability has been found in Radare2 5.9.9. This issue affects th ...)
 	[experimental] - radare2 6.1.4+ds-1
-	- radare2 <unfixed> (bug #1132232)
+	- radare2 6.1.6+ds-2 (bug #1132232)
 	NOTE: https://github.com/radareorg/radare2/issues/25482
 	NOTE: Fixed by: https://github.com/radareorg/radare2/commit/4371ae84c99c46b48cb21badbbef06b30757aba0 (6.1.2)
 CVE-2026-4173 (A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnera ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3cd0145d4382eead2d7d37786cf55ee05368d7e8
