[Git][security-tracker-team/security-tracker][master] Track fixed version for erlang issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 12 19:56:05 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bf97fb0b by Salvatore Bonaccorso at 2026-06-12T20:55:37+02:00
Track fixed version for erlang issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -806,12 +806,12 @@ CVE-2026-49822 (Fission is an open-source, Kubernetes-native serverless framewor
CVE-2026-49821 (Fission is an open-source, Kubernetes-native serverless framework that ...)
NOT-FOR-US: Fission
CVE-2026-49760 (Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-49760
NOTE: https://cna.erlef.org/cves/CVE-2026-49760.html
NOTE: Fixed by: https://github.com/erlang/otp/commit/0bef277b2d39dc8babb9ceb4f5d0a456f3007111 (OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-49759 (Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE: https://cna.erlef.org/cves/CVE-2026-49759.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-49759
NOTE: Fixed by: https://github.com/erlang/otp/commit/3983d495284331c121f600a80bac9fcf4e16381e (OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
@@ -826,7 +826,7 @@ CVE-2026-49495 (Ghidra 10.2 before 12.1 contains an uncontrolled resource consum
CVE-2026-49069 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48860 (Reliance on IP Address for Authentication vulnerability in Erlang/OTP ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv
NOTE: https://cna.erlef.org/cves/CVE-2026-48860.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48860
@@ -838,20 +838,20 @@ CVE-2026-48859 (Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (s
NOTE: Introduced with: https://github.com/erlang/otp/commit/032d1bc9491a3975c68faf9bc7776115d6ae3005 (OTP-29.0-rc2)
NOTE: Fixed by: https://github.com/erlang/otp/commit/c342092ef4b369bb409d5b71ac8fd83bab74aedf (OTP-29.0.2)
CVE-2026-48858 (Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ft ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq
NOTE: https://cna.erlef.org/cves/CVE-2026-48858.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48858
NOTE: Fixed by: https://github.com/erlang/otp/commit/2691a806231ffd0490a8a9e20500dec0c7e73727 (OTP-29.0.2, OTP-28.5.0.2)
NOTE: Fixed by: https://github.com/erlang/otp/commit/521bcfa24407ee8cb5614823cf905c37ea3aa605 (OTP-27.3.4.13)
CVE-2026-48856 (Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_respo ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh
NOTE: https://cna.erlef.org/cves/CVE-2026-48856.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48856
NOTE: Fixed by: https://github.com/erlang/otp/commit/688d748d6f7a6a06b13b662a1d3de8af97079612 (OTP-29.0.2, OTP-28.5.0.2, OTP-27.3.4.13)
CVE-2026-48855 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- - erlang <unfixed> (bug #1139727)
+ - erlang 1:29.0.2+dfsg-1 (bug #1139727)
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh
NOTE: https://cna.erlef.org/cves/CVE-2026-48855.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-48855
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf97fb0b20d5ca0a0763df19904cc31f8e7071b6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf97fb0b20d5ca0a0763df19904cc31f8e7071b6
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260612/8d107612/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list