[Git][security-tracker-team/security-tracker][master] Add CVE-2026-49762/elixir-lang

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 10 05:09:08 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83f32cb4 by Salvatore Bonaccorso at 2026-06-10T06:08:38+02:00
Add CVE-2026-49762/elixir-lang

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80,7 +80,12 @@ CVE-2026-49841 (FreeSWITCH is a Software Defined Telecom Stack enabling the digi
 CVE-2026-49840 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
 	- freeswitch <itp> (bug #389591)
 CVE-2026-49762 (Uncontrolled Resource Consumption vulnerability in the Elixir standard ...)
-	TODO: check
+	- elixir-lang <unfixed>
+	NOTE: https://github.com/elixir-lang/elixir/security/advisories/GHSA-w2h8-8x3g-278p
+	NOTE: https://cna.erlef.org/cves/CVE-2026-49762.html
+	NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-49762
+	NOTE: Fixed by: https://github.com/elixir-lang/elixir/commit/c64417d72fd5c7d09e963ca3ac5fa2b140978d9e (main)
+	NOTE: Fixed by: https://github.com/elixir-lang/elixir/commit/64e6707233464c3e55a9ca6b44019aed25b0390a (v1.20.1)
 CVE-2026-49742 (Backend users with file download permissions were able to download fil ...)
 	NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2026-49741 (Backend users with write access to the form_definition database table  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83f32cb4db5ae627ad3181e79362ce52a5f5c7bf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83f32cb4db5ae627ad3181e79362ce52a5f5c7bf
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260610/d6b103c2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list