[Git][security-tracker-team/security-tracker][master] Add new erlang issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 28 12:39:48 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ea4b25e by Salvatore Bonaccorso at 2026-05-28T13:31:37+02:00
Add new erlang issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1111,11 +1111,29 @@ CVE-2026-42879 (FacturaScripts is an open source accounting and invoicing softwa
 CVE-2026-42878 (FacturaScripts is an open source accounting and invoicing software. Pr ...)
 	TODO: check
 CVE-2026-42791 (Improper Certificate Validation vulnerability in Erlang OTP public_key ...)
-	TODO: check
+	- erlang 1:27.3.4.12+dfsg-1
+	[bookworm] - erlang <not-affected> (Vulnerable code not present)
+	[bullseye] - erlang <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff
+	NOTE: https://cna.erlef.org/cves/CVE-2026-42791.html
+	NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-42791
+	NOTE: https://github.com/erlang/otp/commit/7995f1fdaee3da569bb810358ce0f546471d169b (OTP-27.3.4.12)
+	NOTE: https://github.com/erlang/otp/commit/b3870e02405c709a872b01ba6086065620cdfe76 (OTP-29.0.1, OTP-28.5.0.1)
 CVE-2026-42790 (Improper Certificate Validation vulnerability in Erlang OTP public_key ...)
-	TODO: check
+	- erlang 1:27.3.4.12+dfsg-1
+	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447
+	NOTE: https://cna.erlef.org/cves/CVE-2026-42790.html
+	NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-42790
+	NOTE: https://github.com/erlang/otp/commit/0769050c69d73762672b0db1347b6993a5b31759 (OTP-26.2.5.21)
+	NOTE: https://github.com/erlang/otp/commit/fb67c6d1836f51105a96d8b769e71e4215a79457 (OTP-27.3.4.12)
+	NOTE: https://github.com/erlang/otp/commit/21abed64eb2026b5f82f432709e4e932f9be389a (OTP-29.0.1, OTP-28.5.0.1)
 CVE-2026-42789 (Improper Following of a Certificate's Chain of Trust vulnerability in  ...)
-	TODO: check
+	- erlang 1:27.3.4.12+dfsg-1
+	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq
+	NOTE: https://cna.erlef.org/cves/CVE-2026-42789.html
+	NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-42789
+	NOTE: https://github.com/erlang/otp/commit/471cd2f664300a95353c467873800bbe706005db (OTP-26.2.5.21)
+	NOTE: https://github.com/erlang/otp/commit/59c8d824386b2eb1614ff9340624843ef6aca0fd (OTP-29.0.1, OTP-28.5.0.1, OTP-27.3.4.12)
 CVE-2026-42762 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42761 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
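Review bot: The CVE-2026-42791 entry marks [bookworm] and [bullseye] as <not-affected> with "Vulnerable code not present", but no NOTE names the commit or OTP version that introduced the vulnerable code, so the triage cannot be rechecked from the entry alone; consider adding a NOTE that records the introducing commit or version. The fix commits listed for that CVE cover only OTP-27.3.4.12 and OTP-29.0.1/OTP-28.5.0.1, which is consistent with the claim. By contrast, CVE-2026-42790 and CVE-2026-42789 each list an OTP-26.2.5.21 fix commit and carry no [bookworm] or [bullseye] lines, so those releases remain open against the unstable fixed version 1:27.3.4.12+dfsg-1; it is worth confirming that this is the intended state and not an omitted per-release annotation.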



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ea4b25e38faaf197b58cb52469348989affc841
