proj: Linux
subj: [vs-plain] Dirty Frag: Universal LPE on all major Linux distributions
trep: Thu May 07 15:01:30 2026
cves: Dirty Frag, CVE-2026-43284, CVE-2026-43500
tcrd: embargo of 5 days \\ go out with fixes ASAP
toss: Thu May 07 18:59:34 2026
soss: [oss-security] Dirty Frag: Universal Linux LPE
loss: https://www.openwall.com/lists/oss-security/2026/05/07/8

proj: Exim
subj: [vs] EXIM-Security-2026-05-01.1: security release 4.99.3 ahead
trep: Thu May 07 22:00:56 2026
cves: EXIM-Security-2026-05-01.1, CVE-2026-45185
tcrd: Tuesday, May 12, 2026, at 14:00 UTC
toss: Tue May 12 14:15:13 2026
soss: [oss-security] [EXIM-Security-2026-05-01.1] Security Release 4.99.3
loss: https://www.openwall.com/lists/oss-security/2026/05/12/4

proj: rsync
subj: [vs-plain] rsync 3.4.3 - 5 CVEs (CVE-2026-29518, CVE-2026-43617, -43618, -43619, -43620) - embargo until 2026-05-20 00:00 UTC
trep: Fri May 08 00:53:29 2026
cves: CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620
tcrd: 2026-05-20 at 00:00 UTC (10:00 AEST, Wednesday morning Canberra time)
toss: Wed May 20 09:26:30 2026
soss: [oss-security] rsync 3.4.3 released: six CVEs (CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232)
loss: https://www.openwall.com/lists/oss-security/2026/05/20/6

proj: OpenStack Keystone
subj: [vs] ...
trep: Thu May 14 18:51:47 2026
cves: CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394
tcrd: 2026-05-28, 1500UTC
toss: Thu May 28 20:56:12 2026
soss: [oss-security] [OSSA-2026-015] OpenStack Keystone: Multiple credential delegation and authorization bypass vulnerabilities (CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394)
loss: https://www.openwall.com/lists/oss-security/2026/05/28/7

proj: Linux
subj: [vs-plain] Logic bug in the Linux kernel's __ptrace_may_access()
trep: Thu May 14 22:58:25 2026
cves: CVE-2026-46333
tcrd: Wednesday, May 20 \\ now
toss: Fri May 15 02:21:01 2026
soss: [oss-security] Logic bug in the Linux kernel's __ptrace_may_access() function
loss: https://www.openwall.com/lists/oss-security/2026/05/15/2

proj: Linux
subj: [vs-plain] net/tls: Use-After-Free via TOCTOU race in tls_sk_proto_close (local privilege escalation, no privs)
trep: Sat May 16 17:36:41 2026
tcrd: 2026-05-30
toss: Tue Jun 02 20:52:02 2026
soss: [oss-security] Linux kernel TLS ULP use-after-free in tls_sk_proto_close()
loss: https://www.openwall.com/lists/oss-security/2026/06/02/12

proj: BIND 9
subj: [vs] ...
trep: Mon May 18 18:35:58 2026
cves: CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950
tcrd: 20 May 2026
toss: Wed May 20 13:56:59 2026
soss: [oss-security] ISC has disclosed six vulnerabilities in BIND 9 (CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950)
loss: https://www.openwall.com/lists/oss-security/2026/05/20/11

proj: Kata Containers runtime-rs
subj: [vs-plain] Vulnerability in Kata Containers runtime-rs (GHSA-2gv2-cffp-j227)
trep: Mon May 18 19:12:13 2026
cves: GHSA-2gv2-cffp-j227, CVE-2026-47243
tcrd: 2026-05-21 1900UTC
toss: Thu May 21 18:27:40 2026
soss: [oss-security] CVE-2026-47243: Kata Containers runtime-rs 3.30: virtiofsd symlink escape
loss: https://www.openwall.com/lists/oss-security/2026/05/21/14

proj: Unbound
subj: [vs] ...
trep: Mon May 18 19:36:33 2026
cves: CVE-2026-33278, CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622, CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960, CVE-2026-44390, CVE-2026-44608
tcrd: 20 May 2026
toss: Wed May 20 09:17:52 2026
soss: [oss-security] Unbound: 1.25.1 addresses multiple CVE items
loss: https://www.openwall.com/lists/oss-security/2026/05/20/5

proj: OpenStack
subj: [vs] ...
trep: Thu May 21 16:42:40 2026
cves: CVE-2026-41283
tcrd: 2026-06-03 15:00 UTC
toss: Wed Jun 03 16:51:55 2026
soss: [oss-security] [OSSA-2026-020] OpenStack Mistral: Mistral policy enforcement bypass allows unauthorized public resource creation and arbitrary code execution (CVE-2026-41283)
loss: https://www.openwall.com/lists/oss-security/2026/06/03/14

proj: Linux
subj: [vs-plain] kernel+userspace LPE affecting several distros
trep: Mon May 25 07:59:43 2026
cves: CIFSwitch, CVE-2026-46243
tcrd: Wednesday, May 27, 7pm PT
toss: Thu May 28 07:07:27 2026
soss: [oss-security] CIFSwitch: Linux kernel/cifs-utils local root via forged cifs.spnego upcall
loss: https://www.openwall.com/lists/oss-security/2026/05/28/2

proj: Exim
subj: [vs] ...
trep: Mon May 25 22:41:34 2026
cves: EXIM-Security-2026-05-19.1, CVE-2026-48840
tcrd: Friday, 2026-05-29 14:00 UTC
toss: Fri May 29 14:39:08 2026
soss: [oss-security] CVE-2026-48840: Exim 4.99.4: PROXY-protocol uninitialised-stack information disclosure
loss: https://www.openwall.com/lists/oss-security/2026/05/29/3

proj: OpenSSL
subj: [vs-plain] Embargoed OpenSSL issues
trep: Tue May 26 13:10:13 2026
tcrd: 9th June 2026
toss: Tue Jun 09 16:09:07 2026
soss: [oss-security] OpenSSL Security Advisory
loss: https://www.openwall.com/lists/oss-security/2026/06/09/15

proj: X.Org X server and Xwayland
subj: [vs-plain] Preview of X.Org Security Advisory for 2026-06-02
trep: Wed May 27 00:04:06 2026
tcrd: June 2, 2026 at 00:00 UTC
toss: Tue Jun 02 00:27:21 2026
soss: [oss-security] FW: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland
loss: https://www.openwall.com/lists/oss-security/2026/06/02/1

proj: OpenStack
subj: [vs] ...
trep: Wed May 27 19:21:05 2026
cves: CVE-2026-44917
tcrd: June 3 2026, 1500UTC
toss: Wed Jun 03 16:51:51 2026
soss: [oss-security] [OSSA-2026-019] Ironic: File Extraction from conductor via pxe_template (CVE-2026-44917)
loss: https://www.openwall.com/lists/oss-security/2026/06/03/13

proj: OpenStack
subj: [vs] ...
trep: Wed May 27 19:23:10 2026
cves: CVE-2026-46447
tcrd: June 3 2026, 1500 UTC
toss: Wed Jun 03 16:51:36 2026
soss: [oss-security] [OSSA-2026-017] Ironic: Script injection during node boot via linux command line override (CVE-2026-46447)
loss: https://www.openwall.com/lists/oss-security/2026/06/03/11

proj: OpenStack
subj: [vs] ...
trep: Wed May 27 19:23:11 2026
cves: CVE-2026-48681
tcrd: June 3 2026, 1500UTC
toss: Wed Jun 03 16:51:41 2026
soss: [oss-security] [OSSA-2026-018] Ironic: File overwrite on Ironic conductor via path traversal in ISO handling (CVE-2026-48681)
loss: https://www.openwall.com/lists/oss-security/2026/06/03/12