[Git][security-tracker-team/security-tracker][master] Add three new erlang issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Mar 15 14:25:24 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d2321a3 by Salvatore Bonaccorso at 2026-03-15T15:24:56+01:00
Add three new erlang issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -529,11 +529,23 @@ CVE-2026-26954 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, i
 CVE-2026-24097 (Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0 ...)
 	- check-mk <removed>
 CVE-2026-23943 (Improper Handling of Highly Compressed Data (Compression Bomb) vulnera ...)
-	TODO: check
+	- erlang <unfixed>
+	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-c836-qprm-jw9r
+	NOTE: Fixed by: https://github.com/erlang/otp/commit/43a87b949bdff12d629a8c34146711d9da93b1b1 (OTP-28.4.1)
+	NOTE: Fixed by: https://github.com/erlang/otp/commit/93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3 (OTP-27.3.4.9)
+	NOTE: Fixed by: https://github.com/erlang/otp/commit/0c1c04b191f6ab940e8fcfabce39eb5a8a6440a4 (OTP-26.2.5.18)
 CVE-2026-23942 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	- erlang <unfixed>
+	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-4749-w85x-hw9h
+	NOTE: Fixed by: https://github.com/erlang/otp/commit/27688a824f753d4c16371dc70e88753fb410590b (OTP-28.4.1)
+	NOTE: Fixed by: https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28 (OTP-27.3.4.9)
+	NOTE: Fixed by: https://github.com/erlang/otp/commit/5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759 (OTP-26.2.5.18)
 CVE-2026-23941 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...)
-	TODO: check
+	- erlang <unfixed>
+	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-w4jc-9wpv-pqh7
+	NOTE: Fixed by: https://github.com/erlang/otp/commit/a4b46336fd25aa100ac602eb9a627aaead7eda18 (OTP-28.4.1)
+	NOTE: Fixed by: https://github.com/erlang/otp/commit/a761d391d8d08316cbd7d4a86733ba932b73c45b (OTP-27.3.4.9)
+	NOTE: Fixee by: https://github.com/erlang/otp/commit/e775a332f623851385ab6ddb866d9b150612ddf6 (OTP-26.2.5.18)
 CVE-2026-23940 (Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm a ...)
 	TODO: check
 CVE-2026-1668 (The web interface on multiple Omada switches does not adequately valid ...)
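
Review bot: the third NOTE added under CVE-2026-23941 (the OTP-26.2.5.18 commit e775a332...) is spelled "Fixee by:", while the other eight added entries use "Fixed by:". Change it to "NOTE: Fixed by:" so the entry is consistent with its neighbours and is not missed by a search for the "Fixed by:" prefix.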



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d2321a35cafcf434bc3dcb00db7c622dcd9641c


