proj: OpenSSH GSSAPI patch
subj: [vs-plain] OpenSSH GSSAPI patch issue
trep: Thu Mar 05 14:03:20 2026
cves: CVE-2026-3497
tcrd: 2026-03-12 18:00:00 UTC
toss: Thu Mar 12 18:03:39 2026
soss: [oss-security] OpenSSH GSSAPI keyex patch issue
loss: https://www.openwall.com/lists/oss-security/2026/03/12/3

proj: OpenStack Glance
subj: [vs] Vulnerability in OpenStack Glance (CVE-pending)
trep: Thu Mar 05 20:09:33 2026
tcrd: 2026-03-19, 1500UTC
cves: OSSA-2026-004
toss: Thu Mar 19 15:21:06 2026
soss: [oss-security] [OSSA-2026-004] Glance: Server-Side Request Forgery (SSRF) vulnerabilities in OpenStack Glance image import functionality (CVE-2026-pending)
loss: https://www.openwall.com/lists/oss-security/2026/03/19/3

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2026-1965 (1/3)
trep: Sun Mar 08 09:32:08 2026
cves: CVE-2026-1965
tcrd: March 11, this coming Wednesday
lpub: https://github.com/curl/curl/pull/20534
toss: Wed Mar 11 06:54:50 2026
soss: [oss-security] [ADVISORY] curl: CVE-2026-1965: bad reuse of HTTP Negotiate connection
loss: https://www.openwall.com/lists/oss-security/2026/03/11/1

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2026-3783 (2/3)
trep: Sun Mar 08 09:32:12 2026
cves: CVE-2026-3783
tcrd: March 11, this coming Wednesday
lpub: https://github.com/curl/curl/pull/20843
toss: Wed Mar 11 06:54:55 2026
soss: [oss-security] [ADVISORY] curl: CVE-2026-3783: token leak with redirect and netrc
loss: https://www.openwall.com/lists/oss-security/2026/03/11/2

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2026-3784 (3/3)
trep: Sun Mar 08 09:32:22 2026
cves: CVE-2026-3784
tcrd: March 11, this coming Wednesday
lpub: https://github.com/curl/curl/pull/20837
toss: Wed Mar 11 06:55:00 2026
soss: [oss-security] [ADVISORY] curl: CVE-2026-3784: wrong proxy connection reuse with credentials
loss: https://www.openwall.com/lists/oss-security/2026/03/11/3

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2026-3805 (4/3)
trep: Sun Mar 08 21:56:29 2026
cves: CVE-2026-3805
tcrd: March 11th 2026
lpub: https://github.com/curl/curl/pull/20854
toss: Wed Mar 11 06:55:03 2026
soss: [oss-security] [ADVISORY] curl: CVE-2026-3805: use after free in SMB connection reuse
loss: https://www.openwall.com/lists/oss-security/2026/03/11/4

proj: Linux
subj: [vs] ...
trep: Tue Mar 10 10:33:59 2026
tcrd: Sunday March 29, 2026, 16:00 UTC
toss: Mon Mar 30 14:41:08 2026
soss: [oss-security] KVM shadow EPT stale rmap use-after-free
loss: https://www.openwall.com/lists/oss-security/2026/03/30/5

proj: snapd
subj: [vs] LPE in snapd
trep: Thu Mar 12 11:08:29 2026
cves: CVE-2026-3888
tcrd: 2026-03-17 14:00:00 UTC
toss: Tue Mar 17 19:33:32 2026
soss: [oss-security] snap-confine + systemd-tmpfiles = root (CVE-2026-3888)
loss: https://www.openwall.com/lists/oss-security/2026/03/17/8

proj: Linux
subj: [vs-plain] Vulnerability Report: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption
trep: Wed Mar 18 11:54:54 2026
tcrd: March 31st
toss: Thu May 07 04:30:00 2026
soss: [oss-security] Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption
loss: https://www.openwall.com/lists/oss-security/2026/05/07/1

proj: Dovecot
subj: [vs] Dovecot Security Advisory 2026-01
trep: Mon Mar 23 14:57:55 2026
cves: CVE-2025-30189, CVE-2025-59028, CVE-2025-59032, CVE-2025-59031, CVE-2026-0394, CVE-2026-27860, CVE-2026-24031, CVE-2026-27859, CVE-2026-27857, CVE-2026-27858, CVE-2026-27856, CVE-2026-27855
tcrd: 27th of March
toss: Fri Mar 27 14:48:06 2026
soss: [oss-security] Dovecot Security Advisory OXDC-2026-0001
loss: https://www.openwall.com/lists/oss-security/2026/03/27/2

proj: Kea
subj: [vs] ...
trep: Tue Mar 24 09:16:10 2026
cves: CVE-2026-3608
tcrd: 25 March 2026
toss: Wed Mar 25 15:16:52 2026
soss: [oss-security] ISC has disclosed one vulnerability in Kea (CVE-2026-3608)
loss: https://www.openwall.com/lists/oss-security/2026/03/25/6

proj: BIND 9
subj: [vs] ...
trep: Tue Mar 24 12:36:27 2026
cves: CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, CVE-2026-3591
tcrd: 25 March 2026
toss: Wed Mar 25 15:16:57 2026
soss: [oss-security] ISC has disclosed four vulnerabilities in BIND 9 (CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, CVE-2026-3591)
loss: https://www.openwall.com/lists/oss-security/2026/03/25/7

proj: OpenSSL
subj: [vs-plain] Embargoed OpenSSL security issue
trep: Tue Mar 24 15:39:27 2026
tcrd: 7th April 2026
cves: CVE-2026-31790, CVE-2026-28386, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789
toss: Tue Apr 07 16:37:00 2026
soss: [oss-security] OpenSSL Security Advisory
loss: https://www.openwall.com/lists/oss-security/2026/04/07/11

proj: OpenStack Keystone
subj: [vs-plain] Vulnerability in OpenStack Keystone (CVE-2026-33551)
trep: Tue Mar 24 19:28:14 2026
cves: CVE-2026-33551
tcrd: 2026-04-07, 1500UTC
toss: Tue Apr 07 17:43:25 2026
soss: [oss-security] [OSSA-2026-005] Keystone: Restricted application credentials can create EC2 credentials (CVE-2026-33551)
loss: https://www.openwall.com/lists/oss-security/2026/04/07/12

proj: LiteLLM
subj: [vs] ...
trep: Wed Mar 25 14:19:55 2026
cves: x41-2026-001
tcrd: as fast as possible
toss: Thu Apr 09 00:09:16 2026
soss: [oss-security] X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM
loss: https://www.openwall.com/lists/oss-security/2026/04/09/1