[Git][security-tracker-team/security-tracker][master] Add Debian bug references for erlang issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 12 05:42:27 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2116830b by Salvatore Bonaccorso at 2026-06-12T06:41:54+02:00
Add Debian bug references for erlang issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -539,12 +539,12 @@ CVE-2026-49822 (Fission is an open-source, Kubernetes-native serverless framewor
CVE-2026-49821 (Fission is an open-source, Kubernetes-native serverless framework that ...)
NOT-FOR-US: Fission
CVE-2026-49760 (Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface ...)
- - erlang <unfixed>
+ - erlang <unfixed> (bug #1139727)
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-49760
NOTE: https://cna.erlef.org/cves/CVE-2026-49760.html
NOTE: Fixed by: https://github.com/erlang/otp/commit/0bef277b2d39dc8babb9ceb4f5d0a456f3007111 (OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-49759 (Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv ...)
- - erlang <unfixed>
+ - erlang <unfixed> (bug #1139727)
NOTE: https://cna.erlef.org/cves/CVE-2026-49759.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-49759
NOTE: Fixed by: https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e (OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
@@ -559,7 +559,7 @@ CVE-2026-49495 (Ghidra 10.2 before 12.1 contains an uncontrolled resource consum
CVE-2026-49069 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48860 (Reliance on IP Address for Authentication vulnerability in Erlang/OTP ...)
- - erlang <unfixed>
+ - erlang <unfixed> (bug #1139727)
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv
NOTE: https://cna.erlef.org/cves/CVE-2026-48860.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48860
@@ -571,20 +571,20 @@ CVE-2026-48859 (Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (s
NOTE: Introduced with: https://github.com/erlang/otp/commit/032d1bc9491a3975c68faf9bc7776115d6ae3005 (OTP-29.0-rc2)
NOTE: Fixed by: https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf (OTP-29.0.2)
CVE-2026-48858 (Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ft ...)
- - erlang <unfixed>
+ - erlang <unfixed> (bug #1139727)
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq
NOTE: https://cna.erlef.org/cves/CVE-2026-48858.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48858
NOTE: Fixed by: https://github.com/erlang/otp/commit/2691a806231ffd0490a8a9e20500dec0c7e73727 (OTP-29.0.2, OTP-28.5.0.2)
NOTE: Fixed by: https://github.com/erlang/otp/commit/521bcfa24407ee8cb5614823cf905c37ea3aa605 (OTP-27.3.4.13)
CVE-2026-48856 (Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_respo ...)
- - erlang <unfixed>
+ - erlang <unfixed> (bug #1139727)
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh
NOTE: https://cna.erlef.org/cves/CVE-2026-48856.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48856
NOTE: Fixed by: https://github.com/erlang/otp/commit/688d748d6f7a6a06b13b662a1d3de8af97079612 (OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-48855 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- - erlang <unfixed>
+ - erlang <unfixed> (bug #1139727)
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh
NOTE: https://cna.erlef.org/cves/CVE-2026-48855.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48855
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2116830b941affe00aeaeb005cdad6513a1c3a12
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2116830b941affe00aeaeb005cdad6513a1c3a12
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260612/af105e8c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list