proj: MUNGE
subj: [vs] MUNGE buffer overflow - embargo until 2026-02-10
trep: Wed Feb 04 00:30:33 2026
cves: CVE-2026-25506
tcrd: 2026-02-10 18:00 UTC (Tue, 10:00 PST)
toss: Tue Feb 10 18:33:01 2026
soss: [oss-security] CVE-2026-25506: MUNGE 0.5-0.5.17 buffer overflow allowing key leakage
loss: https://www.openwall.com/lists/oss-security/2026/02/10/3

proj: MIT/Heimdal Kerberos
subj: [vs] Critical Kerberos Credential Theft (ADV-2026-005)
trep: Thu Feb 05 09:24:27 2026
cves: ADV-2026-005
tcrd: 2026-02-18
toss: Thu Feb 19 01:15:03 2026
soss: [oss-security] MIT/Heimdal Kerberos credentials cache type FILE risks
loss: https://www.openwall.com/lists/oss-security/2026/02/19/2

proj: OpenStack
subj: [vs] ...
trep: Thu Feb 05 21:18:36 2026
cves: CVE-2026-24708
tcrd: 2026-02-17 1500UTC
toss: Tue Feb 17 15:01:45 2026
soss: [oss-security] [OSSA-2026-002] OpenStack Nova: calls qemu-img without format restrictions for resize (CVE-2026-24708)
loss: https://www.openwall.com/lists/oss-security/2026/02/17/1

proj: Linux
subj: [vs-plain] Multiple vulnerabilities in AppArmor
trep: Thu Feb 26 18:01:06 2026
tcrd: Tuesday, March 3, 17:00 UTC \\ when the patches are published upstream in Linus's tree, in a few days and definitely before the maximum 14-day embargo \\ will almost certainly be published upstream in Linus's tree on Tuesday, March 10 \\ wait until the patches appear in Linus's tree, even if the maximum 14-day embargo is slightly exceeded
toss: Thu Mar 12 21:34:11 2026
soss: [oss-security] Re: Multiple vulnerabilities in AppArmor
loss: https://www.openwall.com/lists/oss-security/2026/03/12/7