Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8812f4de by Salvatore Bonaccorso at 2026-07-02T22:48:14+02:00
Add new erlang issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -207,7 +207,11 @@ CVE-2026-55952 (The Erlang/OTP ssl application does not 
validate that the PSK id
        NOTE: 
https://github.com/erlang/otp/commit/2c3e599797644310e5d4aa39c7193420e59dadff 
(OTP-28.5.0.3)
        NOTE: 
https://github.com/erlang/otp/commit/9b5437c72fa3403a75c1aba28e5c532bc191c662 
(OTP-27.3.4.14)
 CVE-2026-55950 (Time-of-check Time-of-use (TOCTOU) race condition 
vulnerability in Erl ...)
-       TODO: check
+       - erlang <unfixed>
+       NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-hwfc-5hf4-gvr3
+       NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-55950
+       NOTE: https://cna.erlef.org/cves/CVE-2026-55950.html
+       NOTE: 
https://github.com/erlang/otp/commit/e44d2bf01c4473ef2ea7f09e3523cf96de6e4a04 
(OTP-29.0.3, OTP-28.5.0.3, OTP-27.3.4.14)
 CVE-2026-55119 (A malicious actor with access to the network and low 
privileges could  ...)
        NOT-FOR-US: UniFi
 CVE-2026-55118 (A malicious actor with access to the network,low privileges 
and under  ...)
@@ -229,11 +233,23 @@ CVE-2026-55111 (A malicious actor with access to the 
network could exploit a Pat
 CVE-2026-55110 (A malicious actor who lures an authenticated user to a 
malicious page  ...)
        NOT-FOR-US: UniFi
 CVE-2026-54891 (Improper Enforcement of Message Integrity During Transmission 
in a Com ...)
-       TODO: check
+        - erlang <unfixed>
+       NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-gf6r-99xw-6qg6
+       NOTE: https://cna.erlef.org/cves/CVE-2026-54891.html
+       NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-54891
+       NOTE: 
https://github.com/erlang/otp/commit/07d2d0e93f6aaf7652a81e8df075fc1728da5e96 
(OTP-29.0.3, OTP-28.5.0.3, OTP-27.3.4.14)
 CVE-2026-54887 (Use of Default Cryptographic Key vulnerability in Erlang/OTP 
ssl (DTLS ...)
-       TODO: check
+        - erlang <unfixed>
+       NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-p2m2-3c2w-8jp8
+       NOTE: https://cna.erlef.org/cves/CVE-2026-54887.html
+       NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-54887
+       NOTE: 
https://github.com/erlang/otp/commit/888e3bcd72d5406016b9e0de741026bc2a6f114d 
(OTP-29.0.3, OTP-28.5.0.3, OTP-27.3.4.14)
 CVE-2026-54886 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
-       TODO: check
+       - erlang <unfixed>
+       NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-7wp4-pc27-2vj9
+       NOTE: https://cna.erlef.org/cves/CVE-2026-54886.html
+       NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-54886
+       NOTE: 
https://github.com/erlang/otp/commit/eaf9550b8ad4738b81149d3f617102d980c6dd18 
(OTP-29.0.3, OTP-28.5.0.3, OTP-27.3.4.14)
 CVE-2026-54431 (In liboauth2 the Demonstrating Proof-of-Possession (DPoP) 
verifier acc ...)
        - liboauth2 2.3.0-1
        NOTE: Fixed by: 
https://github.com/OpenIDC/liboauth2/commit/c0b57152ed6a0af33aeb04a60bd7f5bff5ab8800
 (v2.3.0)
@@ -261,7 +277,13 @@ CVE-2026-54401 (A malicious actor with access to the 
network and low privileges
 CVE-2026-54400 (A malicious actor with access to the network and high 
privileges could ...)
        NOT-FOR-US: UniFi
 CVE-2026-53422 (Observable Response Discrepancy vulnerability in Erlang OTP 
ssh (ssh_s ...)
-       TODO: check
+       - erlang <unfixed>
+       NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-h9pw-h5w4-h976
+       NOTE: https://cna.erlef.org/cves/CVE-2026-53422.html
+       NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-53422
+       NOTE: 
https://github.com/erlang/otp/commit/059e5785ef8c1d423820ca633fb7b37f47645172 
(OTP-29.0.3)
+       NOTE: 
https://github.com/erlang/otp/commit/c5a8f50ae68888ff243c5c741a06d2b3a4b48b7a 
(OTP-28.5.0.3)
+       NOTE: 
https://github.com/erlang/otp/commit/86622cfaacf57a02c7645d1999f946846b504c94 
(OTP-27.3.4.14)
 CVE-2026-50748 (A malicious actor with access to the network and low 
privileges could  ...)
        NOT-FOR-US: UniFi
 CVE-2026-50747 (A malicious actor with access to the network and low 
privileges could  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8812f4de780a0def1eff3285218f1a7b68167e0c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8812f4de780a0def1eff3285218f1a7b68167e0c
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to