[Git][security-tracker-team/security-tracker][master] Track fixes for radare2 via experimental
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 15 22:07:00 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
53a0aac0 by Salvatore Bonaccorso at 2026-05-15T23:06:28+02:00
Track fixes for radare2 via experimental
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14380,10 +14380,12 @@ CVE-2026-6947 (DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force
CVE-2026-6942 (radare2-mcp version 1.6.0 and earlier contains an os command injection ...)
NOT-FOR-US: radare2-mcp
CVE-2026-6941 (radare2 prior to 6.1.4 contains a path traversal vulnerability in its ...)
+ [experimental] - radare2 6.1.4+ds-1
- radare2 <unfixed> (bug #1134886)
NOTE: https://github.com/radareorg/radare2/commit/4bcdee725ff0754ed721a98789c0af371c5f32a4
NOTE: https://github.com/radareorg/radare2/pull/25831
CVE-2026-6940 (radare2 prior to 6.1.4 contains a path traversal vulnerability in proj ...)
+ [experimental] - radare2 6.1.4+ds-1
- radare2 <unfixed> (bug #1134885)
NOTE: https://github.com/radareorg/radare2/pull/25830
NOTE: https://github.com/radareorg/radare2/commit/e5fcf56fe038760c872c6dbed432602778fde1ed
@@ -14983,6 +14985,7 @@ CVE-2026-40882 (OpenRemote is an open-source internet-of-things platform. Prior
CVE-2026-40529 (CMS ALAYA provided by KANATA Limited contains an SQL injection vulnera ...)
NOT-FOR-US: CMS ALAYA
CVE-2026-40517 (radare2 prior to 6.1.4 contains a command injection vulnerability in t ...)
+ [experimental] - radare2 6.1.4+ds-1
- radare2 <unfixed> (bug #1134893)
NOTE: https://github.com/radareorg/radare2/issues/25730
NOTE: https://github.com/radareorg/radare2/pull/25731
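Review bot: The CVE-2026-40517 entry now records a fixed version, but its NOTE lines cite only issue 25730 and pull 25731, with no fixing commit. Since `- radare2 <unfixed> (bug #1134893)` stays open for unstable, adding a NOTE with the merged commit URL (as the CVE-2026-6941 and CVE-2026-40527 entries have) would let whoever handles that bug find the patch without walking the PR.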
@@ -17894,6 +17897,7 @@ CVE-2026-40581 (ChurchCRM is an open-source church management system. In version
CVE-2026-40572 (NovumOS is a custom 32-bit operating system written in Zig and x86 Ass ...)
NOT-FOR-US: NovumOS
CVE-2026-40527 (radare2 prior to commit bc5a890 contains a command injection vulnerabi ...)
+ [experimental] - radare2 6.1.4+ds-1
- radare2 <unfixed> (bug #1134621)
NOTE: https://github.com/radareorg/radare2/pull/25821
NOTE: https://github.com/radareorg/radare2/commit/bc5a89033db3ecb5b1f7bf681fc6ba4dcfc14683
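Review bot: On the CVE-2026-40527 entry, the description bounds the issue by commit ("prior to commit bc5a890") rather than by release, so nothing in the entry shows that 6.1.4 contains bc5a89033db3. Suggest tagging the commit NOTE with the first upstream release that includes it, in the style already used for CVE-2026-4174 ("Fixed by: ... (6.1.2)").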
@@ -19233,6 +19237,7 @@ CVE-2026-40683 (In OpenStack Keystone before 28.0.1, the LDAP identity backend d
[bookworm] - keystone <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://review.opendev.org/c/openstack/keystone/+/958205
CVE-2026-40499 (radare2 prior to version 6.1.4 contains a command injection vulnerabil ...)
+ [experimental] - radare2 6.1.4+ds-1
- radare2 <unfixed> (bug #1134622)
NOTE: https://github.com/radareorg/radare2/pull/25731
NOTE: https://github.com/radareorg/radare2/issues/25752
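Review bot: The CVE-2026-40499 entry cites pull 25731 alongside issue 25752. GitHub numbers issues and pull requests in one sequence, so that PR was opened before the issue was filed, and it is the same PR cited for CVE-2026-40517. A short NOTE confirming that 25731 is the fix for this issue too, ideally with the merged commit, would make the 6.1.4+ds-1 claim checkable from the entry itself.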
@@ -36758,6 +36763,7 @@ CVE-2026-4180 (A vulnerability was identified in D-Link DIR-816 1.10CNB05. The i
CVE-2026-4175 (A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The af ...)
NOT-FOR-US: Aureus ERP
CVE-2026-4174 (A vulnerability has been found in Radare2 5.9.9. This issue affects th ...)
+ [experimental] - radare2 6.1.4+ds-1
- radare2 <unfixed> (bug #1132232)
NOTE: https://github.com/radareorg/radare2/issues/25482
NOTE: Fixed by: https://github.com/radareorg/radare2/commit/4371ae84c99c46b48cb21badbbef06b30757aba0 (6.1.2)
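Review bot: For CVE-2026-4174 the existing NOTE places the upstream fix in 6.1.2, while the added line records 6.1.4+ds-1. The two agree only if 6.1.4+ds-1 is the first radare2 upload to experimental based on 6.1.2 or later. Worth confirming that no earlier experimental upload already carried the fix, so the recorded version is the earliest fixed one.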
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53a0aac0b21b7ac9665f4f5e82bbd12b1b3eee8a