proj: OVN
subj: [vs-plain] CVE-2026-5367: Heap Over-Read in ICMP Error Response Generation
trep: Tue Apr 07 08:04:14 2026
cves: CVE-2026-5265
tcrd: 13-Apr-2026 \\ 20-Apr-2026
toss: Mon Apr 20 15:51:53 2026
soss: [oss-security] [ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation
loss: https://www.openwall.com/lists/oss-security/2026/04/20/2

proj: OVN
subj: [vs-plain] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing
trep: Tue Apr 07 08:04:18 2026
cves: CVE-2026-5367
tcrd: 13-Apr-2026 \\ 20-Apr-2026
toss: Mon Apr 20 15:52:03 2026
soss: [oss-security] [ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing
loss: https://www.openwall.com/lists/oss-security/2026/04/20/3

proj: X.Org X server and Xwayland
subj: [vs-plain] Embargoed X.Org Security Advisory: Multiple security issues in X.Org X server and Xwayland for 2026-04-14
trep: Tue Apr 07 08:20:45 2026
cves: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003
tcrd: 2026-04-14 at 13:00 UTC
toss: Tue Apr 14 15:38:28 2026
soss: [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland
loss: https://www.openwall.com/lists/oss-security/2026/04/14/8

proj: GNU sed
subj: [vs-plain] GNU sed: CVE-2026-5958: TOCTOU race in sed -i --follow-symlinks
trep: Sat Apr 11 01:40:42 2026
cves: CVE-2026-5958
tcrd: 2026-04-19 \\ the 20th
tpub: Wed Apr 22 02:00:45 2026
lpub: https://savannah.gnu.org/news/?id=10885
toss: Wed May 13 01:14:29 2026
soss: [oss-security] CVE-2026-5958: GNU sed: TOCTOU race in sed -i --follow-symlinks
loss: https://www.openwall.com/lists/oss-security/2026/05/13/1

proj: libXpm
subj: [vs-plain] Embargoed X.Org Security Advisory: Security issue in libXpm for 2026-04-21
trep: Tue Apr 14 17:09:39 2026
cves: CVE-2026-4367
tcrd: 2026-04-21 at 13:00 UTC
toss: Tue Apr 21 16:30:10 2026
soss: [oss-security] Fwd: X.Org Security Advisory: CVE-2026-4367: libXpm Out-of-bounds read in xpmNextWord()
loss: https://www.openwall.com/lists/oss-security/2026/04/21/3

proj: ntfs-3g
subj: [vs] ...
trep: Thu Apr 16 10:27:32 2026
cves: CVE-2026-40706, GHSA-4cwv-5285-63v9
tcrd: April 21st (2026-04-21) 12:00 UTC
toss: Tue Apr 21 16:30:37 2026
soss: [oss-security] CVE-2026-40706: ntfs-3g 2022.10.3: Heap buffer overflow
loss: https://www.openwall.com/lists/oss-security/2026/04/21/4

proj: Kata Containers
subj: [vs-plain] Vulnerability in Kata Containers (CVE Requested)
trep: Thu Apr 16 13:42:39 2026
cves: CVE-2026-41326
tcrd: 2026-04-22, 1800 UTC
tpub: Wed Apr 22 19:55:00 2026
lpub: https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc
toss: Wed May 13 01:31:41 2026
soss: [oss-security] CVE-2026-41326: Kata Containers: CopyFile Policy Subversion via Symlinks
loss: https://www.openwall.com/lists/oss-security/2026/05/13/2

proj: PackageKit
subj: [vs] ...
trep: Sun Apr 19 01:11:19 2026
cves: CVE-2026-41651
tcrd: next Wednesday (22.04.2026) \\ 22.04.2026, after 12:00 CEST (12:00 PM, 12:00 24h format)
toss: Wed Apr 22 15:38:54 2026
soss: [oss-security] CVE-2026-41651: TOCTOU vulnerability in PackageKit <= 1.3.4 leads to local root exploit
loss: https://www.openwall.com/lists/oss-security/2026/04/22/6

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2026-4873 (1/6)
trep: Thu Apr 23 06:08:11 2026
cves: CVE-2026-4873
tcrd: April 29
lpub: https://github.com/curl/curl/commit/507e7be573b0a76fca597b75
toss: Wed Apr 29 06:01:05 2026
soss: [oss-security] [ADVISORY] curl: CVE-2026-4873: connection reuse ignores TLS requirement
loss: https://www.openwall.com/lists/oss-security/2026/04/29/7

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2026-5545 (2/6)
trep: Thu Apr 23 06:08:16 2026
cves: CVE-2026-5545
tcrd: April 29
lpub: https://github.com/curl/curl/commit/33e43985b8f3b9e6669
toss: Wed Apr 29 06:01:12 2026
soss: [oss-security] [ADVISORY] curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection
loss: https://www.openwall.com/lists/oss-security/2026/04/29/8

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2026-5773 (3/6)
trep: Thu Apr 23 06:08:24 2026
cves: CVE-2026-5773
tcrd: April 29
lpub: https://github.com/curl/curl/commit/74a169575d6412d
toss: Wed Apr 29 06:01:18 2026
soss: [oss-security] [ADVISORY] curl: CVE-2026-5773: wrong reuse of SMB connection
loss: https://www.openwall.com/lists/oss-security/2026/04/29/9

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2026-6253 (4/6)
trep: Thu Apr 23 06:08:31 2026
cves: CVE-2026-6253
tcrd: April 29
lpub: https://github.com/curl/curl/commit/188c2f166a20fa97c2325
toss: Wed Apr 29 06:01:23 2026
soss: [oss-security] [ADVISORY] curl: CVE-2026-6253: proxy credentials leak over redirect-to proxy
loss: https://www.openwall.com/lists/oss-security/2026/04/29/11

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2026-6276 (5/6)
trep: Thu Apr 23 06:08:39 2026
cves: CVE-2026-6276
tcrd: April 29
lpub: https://github.com/curl/curl/commit/3a19987a87f393d9394fe5ac
toss: Wed Apr 29 06:01:27 2026
soss: [oss-security] [ADVISORY] curl: CVE-2026-6276: stale custom cookie host causes cookie leak
loss: https://www.openwall.com/lists/oss-security/2026/04/29/13

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2026-6429 (6/6)
trep: Thu Apr 23 06:08:46 2026
cves: CVE-2026-6429
tcrd: April 29
lpub: https://github.com/curl/curl/commit/b4024bf808bd558026fdc6
toss: Wed Apr 29 06:01:19 2026
soss: [oss-security] [ADVISORY] curl: CVE-2026-6429: netrc credential leak with reused proxy connection
loss: https://www.openwall.com/lists/oss-security/2026/04/29/10

proj: Exim
subj: [vs-plain] EXIM-Security-2026-04-24
trep: Fri Apr 24 15:09:46 2026
cves: CVE-2026-40684, CVE-2026-40685, CVE-2026-40686, CVE-2026-40687
tcrd: next Wednesday, 2026-04-29T12:00:00+0000
toss: Thu Apr 30 18:21:42 2026
soss: [oss-security] Exim 4.99.2 fixes 4 CVEs
loss: https://www.openwall.com/lists/oss-security/2026/04/30/21

proj: OpenStack Cyborg
subj: [vs] ...
trep: Thu Apr 30 15:02:08 2026
cves: CVE-2026-40213, CVE-2026-40214
tcrd: 2026-05-07, 1500UTC
toss: Thu May 07 18:27:34 2026
soss: [oss-security] [OSSA-2026-011] OpenStack Cyborg: Multiple access control vulnerabilities in Cyborg accelerator management (CVE-2026-40213, CVE-2026-40214)
loss: https://www.openwall.com/lists/oss-security/2026/05/07/6