This shows you the differences between two versions of the page.
|
mailing-lists:distros:stats:2026 [2026/02/09 06:11] solar created with data for 2026-01 |
mailing-lists:distros:stats:2026 [2026/06/20 05:44] (current) solar add 2026-05 |
||
|---|---|---|---|
| Line 7: | Line 7: | ||
| ^ Month ^ All reports ^ Embargoed ^ Average ^ Median ^ Min ^ Max embargo days ^ | ^ Month ^ All reports ^ Embargoed ^ Average ^ Median ^ Min ^ Max embargo days ^ | ||
| | 2026-01 | 3 | 3 | 7.42 | 6.81 | 1.28 | 14.15 | | | 2026-01 | 3 | 3 | 7.42 | 6.81 | 1.28 | 14.15 | | ||
| - | | Total | 3 | 3 | 7.42 | 6.81 | 1.28 | 14.15 | | + | | 2026-02 | 4 | 4 | 11.57 | 12.70 | 6.75 | 14.15 | |
| + | | 2026-03 | 15 | 15 | 10.40 | 5.35 | 1.11 | 49.69 | | ||
| + | | 2026-04 | 16 | 16 | 9.84 | 6.06 | 3.60 | 31.98 | | ||
| + | | 2026-05 | 17 | 17 | 6.79 | 6.02 | 0.14 | 17.14 | | ||
| + | | Total | 55 | 55 | 9.04 | 6.75 | 0.14 | 49.69 | | ||
| Non-embargoed reports (issue already posted to oss-security before being brought to (linux-)distros, which in 2026 didn't occur yet) are (would be) excluded from the calculation of average, median, and minimum embargo duration above. | Non-embargoed reports (issue already posted to oss-security before being brought to (linux-)distros, which in 2026 didn't occur yet) are (would be) excluded from the calculation of average, median, and minimum embargo duration above. | ||
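Review bot: The new 2026-02 to 2026-05 rows rely on two conventions that neither the table nor the unchanged paragraph under it states: which date assigns a report to a month, and which duration is counted when a report has two. The 2026-03 maximum of 49.69 matches the KTLS + sockmap report received on Mar 18 and posted to oss-security on May 7, so months are keyed on the date the report reached the list. The 2026-04 maximum of 31.98 matches the first of the two durations in the GNU sed row (31.98 and 11.01), so the oss-security posting date is used even where an earlier public reference is listed. Suggest adding one sentence to the paragraph below the table that spells out both conventions.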
| Line 21: | Line 25: | ||
| | OpenSSL | [vs-plain] Embargoed OpenSSL security issue \\ [[https://www.openwall.com/lists/oss-security/2026/01/27/7|[oss-security] OpenSSL Security Advisory (corrected - added CVE-2026-22795 and CVE-2026-22796)]] | Tue Jan 13 13:44:01 2026 \\ Tue Jan 27 17:19:21 2026 | 14.15 | 27th January 2026 | | | | OpenSSL | [vs-plain] Embargoed OpenSSL security issue \\ [[https://www.openwall.com/lists/oss-security/2026/01/27/7|[oss-security] OpenSSL Security Advisory (corrected - added CVE-2026-22795 and CVE-2026-22796)]] | Tue Jan 13 13:44:01 2026 \\ Tue Jan 27 17:19:21 2026 | 14.15 | 27th January 2026 | | | ||
| | BIND 9 | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/01/21/3|[oss-security] ISC has disclosed one vulnerability in BIND 9 (CVE-2025-13878)]] | Tue Jan 20 09:27:28 2026 \\ Wed Jan 21 16:14:45 2026 | 1.28 | 21 January 2026 | CVE-2025-13878 | | | BIND 9 | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/01/21/3|[oss-security] ISC has disclosed one vulnerability in BIND 9 (CVE-2025-13878)]] | Tue Jan 20 09:27:28 2026 \\ Wed Jan 21 16:14:45 2026 | 1.28 | 21 January 2026 | CVE-2025-13878 | | ||
| + | | MUNGE | [vs] MUNGE buffer overflow - embargo until 2026-02-10 \\ [[https://www.openwall.com/lists/oss-security/2026/02/10/3|[oss-security] CVE-2026-25506: MUNGE 0.5-0.5.17 buffer overflow allowing key leakage]] | Wed Feb 04 00:30:33 2026 \\ Tue Feb 10 18:33:01 2026 | 6.75 | 2026-02-10 18:00 UTC (Tue, 10:00 PST) | CVE-2026-25506 | | ||
| + | | MIT/Heimdal Kerberos | [vs] Critical Kerberos Credential Theft (ADV-2026-005) \\ [[https://www.openwall.com/lists/oss-security/2026/02/19/2|[oss-security] MIT/Heimdal Kerberos credentials cache type FILE risks]] | Thu Feb 05 09:24:27 2026 \\ Thu Feb 19 01:15:03 2026 | 13.66 | 2026-02-18 | ADV-2026-005 | | ||
| + | | OpenStack | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/02/17/1|[oss-security] [OSSA-2026-002] OpenStack Nova: calls qemu-img without format restrictions for resize (CVE-2026-24708)]] | Thu Feb 05 21:18:36 2026 \\ Tue Feb 17 15:01:45 2026 | 11.74 | 2026-02-17 1500UTC | CVE-2026-24708 | | ||
| + | | Linux | [vs-plain] Multiple vulnerabilities in AppArmor \\ [[https://www.openwall.com/lists/oss-security/2026/03/12/7|[oss-security] Re: Multiple vulnerabilities in AppArmor]] | Thu Feb 26 18:01:06 2026 \\ Thu Mar 12 21:34:11 2026 | 14.15 | Tuesday, March 3, 17:00 UTC \\ when the patches are published upstream in Linus's tree, in a few days and definitely before the maximum 14-day embargo \\ will almost certainly be published upstream in Linus's tree on Tuesday, March 10 \\ wait until the patches appear in Linus's tree, even if the maximum 14-day embargo is slightly exceeded | | | ||
| + | | OpenSSH GSSAPI patch | [vs-plain] OpenSSH GSSAPI patch issue \\ [[https://www.openwall.com/lists/oss-security/2026/03/12/3|[oss-security] OpenSSH GSSAPI keyex patch issue]] | Thu Mar 05 14:03:20 2026 \\ Thu Mar 12 18:03:39 2026 | 7.17 | 2026-03-12 18:00:00 UTC | CVE-2026-3497 | | ||
| + | | OpenStack Glance | [vs] Vulnerability in OpenStack Glance (CVE-pending) \\ [[https://www.openwall.com/lists/oss-security/2026/03/19/3|[oss-security] [OSSA-2026-004] Glance: Server-Side Request Forgery (SSRF) vulnerabilities in OpenStack Glance image import functionality (CVE-2026-pending)]] | Thu Mar 05 20:09:33 2026 \\ Thu Mar 19 15:21:06 2026 | 13.80 | 2026-03-19, 1500UTC | OSSA-2026-004 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2026-1965 (1/3) \\ [[https://www.openwall.com/lists/oss-security/2026/03/11/1|[oss-security] [ADVISORY] curl: CVE-2026-1965: bad reuse of HTTP Negotiate connection]] \\ [[https://github.com/curl/curl/pull/20534]] | Sun Mar 08 09:32:08 2026 \\ Wed Mar 11 06:54:50 2026 | 2.89 | March 11, this coming Wednesday | CVE-2026-1965 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2026-3783 (2/3) \\ [[https://www.openwall.com/lists/oss-security/2026/03/11/2|[oss-security] [ADVISORY] curl: CVE-2026-3783: token leak with redirect and netrc]] \\ [[https://github.com/curl/curl/pull/20843]] | Sun Mar 08 09:32:12 2026 \\ Wed Mar 11 06:54:55 2026 | 2.89 | March 11, this coming Wednesday | CVE-2026-3783 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2026-3784 (3/3) \\ [[https://www.openwall.com/lists/oss-security/2026/03/11/3|[oss-security] [ADVISORY] curl: CVE-2026-3784: wrong proxy connection reuse with credentials]] \\ [[https://github.com/curl/curl/pull/20837]] | Sun Mar 08 09:32:22 2026 \\ Wed Mar 11 06:55:00 2026 | 2.89 | March 11, this coming Wednesday | CVE-2026-3784 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2026-3805 (4/3) \\ [[https://www.openwall.com/lists/oss-security/2026/03/11/4|[oss-security] [ADVISORY] curl: CVE-2026-3805: use after free in SMB connection reuse]] \\ [[https://github.com/curl/curl/pull/20854]] | Sun Mar 08 21:56:29 2026 \\ Wed Mar 11 06:55:03 2026 | 2.37 | March 11th 2026 | CVE-2026-3805 | | ||
| + | | Linux | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/03/30/5|[oss-security] KVM shadow EPT stale rmap use-after-free]] | Tue Mar 10 10:33:59 2026 \\ Mon Mar 30 14:41:08 2026 | 20.17 | Sunday March 29, 2026, 16:00 UTC | | | ||
| + | | snapd | [vs] LPE in snapd \\ [[https://www.openwall.com/lists/oss-security/2026/03/17/8|[oss-security] snap-confine + systemd-tmpfiles = root (CVE-2026-3888)]] | Thu Mar 12 11:08:29 2026 \\ Tue Mar 17 19:33:32 2026 | 5.35 | 2026-03-17 14:00:00 UTC | CVE-2026-3888 | | ||
| + | | Linux | [vs-plain] Vulnerability Report: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption \\ [[https://www.openwall.com/lists/oss-security/2026/05/07/1|[oss-security] Linux kernel: KTLS + sockmap "Reverse Order" Use-After-Free / Data Corruption]] | Wed Mar 18 11:54:54 2026 \\ Thu May 07 04:30:00 2026 | 49.69 | March 31st | | | ||
| + | | Dovecot | [vs] Dovecot Security Advisory 2026-01 \\ [[https://www.openwall.com/lists/oss-security/2026/03/27/2|[oss-security] Dovecot Security Advisory OXDC-2026-0001]] | Mon Mar 23 14:57:55 2026 \\ Fri Mar 27 14:48:06 2026 | 3.99 | 27th of March | CVE-2025-30189 \\ CVE-2025-59028 \\ CVE-2025-59032 \\ CVE-2025-59031 \\ CVE-2026-0394 \\ CVE-2026-27860 \\ CVE-2026-24031 \\ CVE-2026-27859 \\ CVE-2026-27857 \\ CVE-2026-27858 \\ CVE-2026-27856 \\ CVE-2026-27855 | | ||
| + | | Kea | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/03/25/6|[oss-security] ISC has disclosed one vulnerability in Kea (CVE-2026-3608)]] | Tue Mar 24 09:16:10 2026 \\ Wed Mar 25 15:16:52 2026 | 1.25 | 25 March 2026 | CVE-2026-3608 | | ||
| + | | BIND 9 | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/03/25/7|[oss-security] ISC has disclosed four vulnerabilities in BIND 9 (CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, CVE-2026-3591)]] | Tue Mar 24 12:36:27 2026 \\ Wed Mar 25 15:16:57 2026 | 1.11 | 25 March 2026 | CVE-2026-1519 \\ CVE-2026-3104 \\ CVE-2026-3119 \\ CVE-2026-3591 | | ||
| + | | OpenSSL | [vs-plain] Embargoed OpenSSL security issue \\ [[https://www.openwall.com/lists/oss-security/2026/04/07/11|[oss-security] OpenSSL Security Advisory]] | Tue Mar 24 15:39:27 2026 \\ Tue Apr 07 16:37:00 2026 | 14.04 | 7th April 2026 | CVE-2026-31790 \\ CVE-2026-28386 \\ CVE-2026-28387 \\ CVE-2026-28388 \\ CVE-2026-28389 \\ CVE-2026-28390 \\ CVE-2026-31789 | | ||
| + | | OpenStack Keystone | [vs-plain] Vulnerability in OpenStack Keystone (CVE-2026-33551) \\ [[https://www.openwall.com/lists/oss-security/2026/04/07/12|[oss-security] [OSSA-2026-005] Keystone: Restricted application credentials can create EC2 credentials (CVE-2026-33551)]] | Tue Mar 24 19:28:14 2026 \\ Tue Apr 07 17:43:25 2026 | 13.93 | 2026-04-07, 1500UTC | CVE-2026-33551 | | ||
| + | | LiteLLM | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/04/09/1|[oss-security] X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM]] | Wed Mar 25 14:19:55 2026 \\ Thu Apr 09 00:09:16 2026 | 14.41 | as fast as possible | x41-2026-001 | | ||
| + | | OVN | [vs-plain] CVE-2026-5367: Heap Over-Read in ICMP Error Response Generation \\ [[https://www.openwall.com/lists/oss-security/2026/04/20/2|[oss-security] [ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation]] | Tue Apr 07 08:04:14 2026 \\ Mon Apr 20 15:51:53 2026 | 13.32 | 13-Apr-2026 \\ 20-Apr-2026 | CVE-2026-5265 | | ||
| + | | OVN | [vs-plain] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing \\ [[https://www.openwall.com/lists/oss-security/2026/04/20/3|[oss-security] [ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing]] | Tue Apr 07 08:04:18 2026 \\ Mon Apr 20 15:52:03 2026 | 13.32 | 13-Apr-2026 \\ 20-Apr-2026 | CVE-2026-5367 | | ||
| + | | X.Org X server and Xwayland | [vs-plain] Embargoed X.Org Security Advisory: Multiple security issues in X.Org X server and Xwayland for 2026-04-14 \\ [[https://www.openwall.com/lists/oss-security/2026/04/14/8|[oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland]] | Tue Apr 07 08:20:45 2026 \\ Tue Apr 14 15:38:28 2026 | 7.30 | 2026-04-14 at 13:00 UTC | CVE-2026-33999 \\ CVE-2026-34000 \\ CVE-2026-34001 \\ CVE-2026-34002 \\ CVE-2026-34003 | | ||
| + | | GNU sed | [vs-plain] GNU sed: CVE-2026-5958: TOCTOU race in sed -i --follow-symlinks \\ [[https://www.openwall.com/lists/oss-security/2026/05/13/1|[oss-security] CVE-2026-5958: GNU sed: TOCTOU race in sed -i --follow-symlinks]] \\ [[https://savannah.gnu.org/news/?id=10885]] | Sat Apr 11 01:40:42 2026 \\ Wed May 13 01:14:29 2026 \\ Wed Apr 22 02:00:45 2026 | 31.98 \\ 11.01 | 2026-04-19 \\ the 20th | CVE-2026-5958 | | ||
| + | | libXpm | [vs-plain] Embargoed X.Org Security Advisory: Security issue in libXpm for 2026-04-21 \\ [[https://www.openwall.com/lists/oss-security/2026/04/21/3|[oss-security] Fwd: X.Org Security Advisory: CVE-2026-4367: libXpm Out-of-bounds read in xpmNextWord()]] | Tue Apr 14 17:09:39 2026 \\ Tue Apr 21 16:30:10 2026 | 6.97 | 2026-04-21 at 13:00 UTC | CVE-2026-4367 | | ||
| + | | ntfs-3g | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/04/21/4|[oss-security] CVE-2026-40706: ntfs-3g 2022.10.3: Heap buffer overflow]] | Thu Apr 16 10:27:32 2026 \\ Tue Apr 21 16:30:37 2026 | 5.25 | April 21st (2026-04-21) 12:00 UTC | CVE-2026-40706 \\ GHSA-4cwv-5285-63v9 | | ||
| + | | Kata Containers | [vs-plain] Vulnerability in Kata Containers (CVE Requested) \\ [[https://www.openwall.com/lists/oss-security/2026/05/13/2|[oss-security] CVE-2026-41326: Kata Containers: CopyFile Policy Subversion via Symlinks]] \\ [[https://github.com/kata-containers/kata-containers/security/advisories/GHSA-q49m-57vm-c8cc]] | Thu Apr 16 13:42:39 2026 \\ Wed May 13 01:31:41 2026 \\ Wed Apr 22 19:55:00 2026 | 26.49 \\ 6.26 | 2026-04-22, 1800 UTC | CVE-2026-41326 | | ||
| + | | PackageKit | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/04/22/6|[oss-security] CVE-2026-41651: TOCTOU vulnerability in PackageKit <= 1.3.4 leads to local root exploit]] | Sun Apr 19 01:11:19 2026 \\ Wed Apr 22 15:38:54 2026 | 3.60 | next Wednesday (22.04.2026) \\ 22.04.2026, after 12:00 CEST (12:00 PM, 12:00 24h format) | CVE-2026-41651 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2026-4873 (1/6) \\ [[https://www.openwall.com/lists/oss-security/2026/04/29/7|[oss-security] [ADVISORY] curl: CVE-2026-4873: connection reuse ignores TLS requirement]] \\ [[https://github.com/curl/curl/commit/507e7be573b0a76fca597b75]] | Thu Apr 23 06:08:11 2026 \\ Wed Apr 29 06:01:05 2026 | 6.00 | April 29 | CVE-2026-4873 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2026-5545 (2/6) \\ [[https://www.openwall.com/lists/oss-security/2026/04/29/8|[oss-security] [ADVISORY] curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection]] \\ [[https://github.com/curl/curl/commit/33e43985b8f3b9e6669]] | Thu Apr 23 06:08:16 2026 \\ Wed Apr 29 06:01:12 2026 | 6.00 | April 29 | CVE-2026-5545 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2026-5773 (3/6) \\ [[https://www.openwall.com/lists/oss-security/2026/04/29/9|[oss-security] [ADVISORY] curl: CVE-2026-5773: wrong reuse of SMB connection]] \\ [[https://github.com/curl/curl/commit/74a169575d6412d]] | Thu Apr 23 06:08:24 2026 \\ Wed Apr 29 06:01:18 2026 | 6.00 | April 29 | CVE-2026-5773 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2026-6253 (4/6) \\ [[https://www.openwall.com/lists/oss-security/2026/04/29/11|[oss-security] [ADVISORY] curl: CVE-2026-6253: proxy credentials leak over redirect-to proxy]] \\ [[https://github.com/curl/curl/commit/188c2f166a20fa97c2325]] | Thu Apr 23 06:08:31 2026 \\ Wed Apr 29 06:01:23 2026 | 6.00 | April 29 | CVE-2026-6253 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2026-6276 (5/6) \\ [[https://www.openwall.com/lists/oss-security/2026/04/29/13|[oss-security] [ADVISORY] curl: CVE-2026-6276: stale custom cookie host causes cookie leak]] \\ [[https://github.com/curl/curl/commit/3a19987a87f393d9394fe5ac]] | Thu Apr 23 06:08:39 2026 \\ Wed Apr 29 06:01:27 2026 | 6.00 | April 29 | CVE-2026-6276 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2026-6429 (6/6) \\ [[https://www.openwall.com/lists/oss-security/2026/04/29/10|[oss-security] [ADVISORY] curl: CVE-2026-6429: netrc credential leak with reused proxy connection]] \\ [[https://github.com/curl/curl/commit/b4024bf808bd558026fdc6]] | Thu Apr 23 06:08:46 2026 \\ Wed Apr 29 06:01:19 2026 | 5.99 | April 29 | CVE-2026-6429 | | ||
| + | | Exim | [vs-plain] EXIM-Security-2026-04-24 \\ [[https://www.openwall.com/lists/oss-security/2026/04/30/21|[oss-security] Exim 4.99.2 fixes 4 CVEs]] | Fri Apr 24 15:09:46 2026 \\ Thu Apr 30 18:21:42 2026 | 6.13 | next Wednesday, 2026-04-29T12:00:00+0000 | CVE-2026-40684 \\ CVE-2026-40685 \\ CVE-2026-40686 \\ CVE-2026-40687 | | ||
| + | | OpenStack Cyborg | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/07/6|[oss-security] [OSSA-2026-011] OpenStack Cyborg: Multiple access control vulnerabilities in Cyborg accelerator management (CVE-2026-40213, CVE-2026-40214)]] | Thu Apr 30 15:02:08 2026 \\ Thu May 07 18:27:34 2026 | 7.14 | 2026-05-07, 1500UTC | CVE-2026-40213 \\ CVE-2026-40214 | | ||
| + | | Linux | [vs-plain] Dirty Frag: Universal LPE on all major Linux distributions \\ [[https://www.openwall.com/lists/oss-security/2026/05/07/8|[oss-security] Dirty Frag: Universal Linux LPE]] | Thu May 07 15:01:30 2026 \\ Thu May 07 18:59:34 2026 | 0.17 | embargo of 5 days \\ go out with fixes ASAP | Dirty Frag \\ CVE-2026-43284 \\ CVE-2026-43500 | | ||
| + | | Exim | [vs] EXIM-Security-2026-05-01.1: security release 4.99.3 ahead \\ [[https://www.openwall.com/lists/oss-security/2026/05/12/4|[oss-security] [EXIM-Security-2026-05-01.1] Security Release 4.99.3]] | Thu May 07 22:00:56 2026 \\ Tue May 12 14:15:13 2026 | 4.68 | Tuesday, May 12, 2026, at 14:00 UTC | EXIM-Security-2026-05-01.1 \\ CVE-2026-45185 | | ||
| + | | rsync | [vs-plain] rsync 3.4.3 - 5 CVEs (CVE-2026-29518, CVE-2026-43617, -43618, -43619, -43620) - embargo until 2026-05-20 00:00 UTC \\ [[https://www.openwall.com/lists/oss-security/2026/05/20/6|[oss-security] rsync 3.4.3 released: six CVEs (CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232)]] | Fri May 08 00:53:29 2026 \\ Wed May 20 09:26:30 2026 | 12.36 | 2026-05-20 at 00:00 UTC (10:00 AEST, Wednesday morning Canberra time) | CVE-2026-29518 \\ CVE-2026-43617 \\ CVE-2026-43618 \\ CVE-2026-43619 \\ CVE-2026-43620 | | ||
| + | | OpenStack Keystone | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/28/7|[oss-security] [OSSA-2026-015] OpenStack Keystone: Multiple credential delegation and authorization bypass vulnerabilities (CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394)]] | Thu May 14 18:51:47 2026 \\ Thu May 28 20:56:12 2026 | 14.09 | 2026-05-28, 1500UTC | CVE-2026-42998 \\ CVE-2026-42999 \\ CVE-2026-43000 \\ CVE-2026-43001 \\ CVE-2026-44394 | | ||
| + | | Linux | %%[vs-plain] Logic bug in the Linux kernel's __ptrace_may_access()%% \\ [[https://www.openwall.com/lists/oss-security/2026/05/15/2|[oss-security] Logic bug in the Linux kernel's __ptrace_may_access() function]] | Thu May 14 22:58:25 2026 \\ Fri May 15 02:21:01 2026 | 0.14 | Wednesday, May 20 \\ now | CVE-2026-46333 | | ||
| + | | Linux | [vs-plain] net/tls: Use-After-Free via TOCTOU race in tls_sk_proto_close (local privilege escalation, no privs) \\ [[https://www.openwall.com/lists/oss-security/2026/06/02/12|[oss-security] Linux kernel TLS ULP use-after-free in tls_sk_proto_close()]] | Sat May 16 17:36:41 2026 \\ Tue Jun 02 20:52:02 2026 | 17.14 | 2026-05-30 | | | ||
| + | | BIND 9 | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/20/11|[oss-security] ISC has disclosed six vulnerabilities in BIND 9 (CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950)]] | Mon May 18 18:35:58 2026 \\ Wed May 20 13:56:59 2026 | 1.81 | 20 May 2026 | CVE-2026-3039 \\ CVE-2026-3592 \\ CVE-2026-3593 \\ CVE-2026-5946 \\ CVE-2026-5947 \\ CVE-2026-5950 | | ||
| + | | Kata Containers runtime-rs | [vs-plain] Vulnerability in Kata Containers runtime-rs (GHSA-2gv2-cffp-j227) \\ [[https://www.openwall.com/lists/oss-security/2026/05/21/14|[oss-security] CVE-2026-47243: Kata Containers runtime-rs 3.30: virtiofsd symlink escape]] | Mon May 18 19:12:13 2026 \\ Thu May 21 18:27:40 2026 | 2.97 | 2026-05-21 1900UTC | GHSA-2gv2-cffp-j227 \\ CVE-2026-47243 | | ||
| + | | Unbound | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/20/5|[oss-security] Unbound: 1.25.1 addresses multiple CVE items]] | Mon May 18 19:36:33 2026 \\ Wed May 20 09:17:52 2026 | 1.57 | 20 May 2026 | CVE-2026-33278 \\ CVE-2026-42944 \\ CVE-2026-42959 \\ CVE-2026-32792 \\ CVE-2026-40622 \\ CVE-2026-41292 \\ CVE-2026-42534 \\ CVE-2026-42923 \\ CVE-2026-42960 \\ CVE-2026-44390 \\ CVE-2026-44608 | | ||
| + | | OpenStack | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/06/03/14|[oss-security] [OSSA-2026-020] OpenStack Mistral: Mistral policy enforcement bypass allows unauthorized public resource creation and arbitrary code execution (CVE-2026-41283)]] | Thu May 21 16:42:40 2026 \\ Wed Jun 03 16:51:55 2026 | 13.01 | 2026-06-03 15:00 UTC | CVE-2026-41283 | | ||
| + | | Linux | [vs-plain] kernel+userspace LPE affecting several distros \\ [[https://www.openwall.com/lists/oss-security/2026/05/28/2|[oss-security] CIFSwitch: Linux kernel/cifs-utils local root via forged cifs.spnego upcall]] | Mon May 25 07:59:43 2026 \\ Thu May 28 07:07:27 2026 | 2.96 | Wednesday, May 27, 7pm PT | CIFSwitch \\ CVE-2026-46243 | | ||
| + | | Exim | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/29/3|[oss-security] CVE-2026-48840: Exim 4.99.4: PROXY-protocol uninitialised-stack information disclosure]] | Mon May 25 22:41:34 2026 \\ Fri May 29 14:39:08 2026 | 3.66 | Friday, 2026-05-29 14:00 UTC | EXIM-Security-2026-05-19.1 \\ CVE-2026-48840 | | ||
| + | | OpenSSL | [vs-plain] Embargoed OpenSSL issues \\ [[https://www.openwall.com/lists/oss-security/2026/06/09/15|[oss-security] OpenSSL Security Advisory]] | Tue May 26 13:10:13 2026 \\ Tue Jun 09 16:09:07 2026 | 14.12 | 9th June 2026 | | | ||
| + | | X.Org X server and Xwayland | [vs-plain] Preview of X.Org Security Advisory for 2026-06-02 \\ [[https://www.openwall.com/lists/oss-security/2026/06/02/1|[oss-security] FW: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland]] | Wed May 27 00:04:06 2026 \\ Tue Jun 02 00:27:21 2026 | 6.02 | June 2, 2026 at 00:00 UTC | | | ||
| + | | OpenStack | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/06/03/13|[oss-security] [OSSA-2026-019] Ironic: File Extraction from conductor via pxe_template (CVE-2026-44917)]] | Wed May 27 19:21:05 2026 \\ Wed Jun 03 16:51:51 2026 | 6.90 | June 3 2026, 1500UTC | CVE-2026-44917 | | ||
| + | | OpenStack | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/06/03/11|[oss-security] [OSSA-2026-017] Ironic: Script injection during node boot via linux command line override (CVE-2026-46447)]] | Wed May 27 19:23:10 2026 \\ Wed Jun 03 16:51:36 2026 | 6.89 | June 3 2026, 1500 UTC | CVE-2026-46447 | | ||
| + | | OpenStack | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/06/03/12|[oss-security] [OSSA-2026-018] Ironic: File overwrite on Ironic conductor via path traversal in ISO handling (CVE-2026-48681)]] | Wed May 27 19:23:11 2026 \\ Wed Jun 03 16:51:41 2026 | 6.89 | June 3 2026, 1500UTC | CVE-2026-48681 | | ||
| ===== Source input data ===== | ===== Source input data ===== | ||
| Line 27: | Line 83: | ||
| * {{stats-202601.txt}} | * {{stats-202601.txt}} | ||
| + | * {{stats-202602.txt}} | ||
| + | * {{stats-202603.txt}} | ||
| + | * {{stats-202604.txt}} | ||
| + | * {{stats-202605.txt}} | ||