This shows you the differences between two versions of the page.
|
mailing-lists:distros:stats:2026 [2026/05/13 04:18] solar add 2026-03 and 2026-04 |
mailing-lists:distros:stats:2026 [2026/06/20 05:44] (current) solar add 2026-05 |
||
|---|---|---|---|
| Line 10: | Line 10: | ||
| | 2026-03 | 15 | 15 | 10.40 | 5.35 | 1.11 | 49.69 | | | 2026-03 | 15 | 15 | 10.40 | 5.35 | 1.11 | 49.69 | | ||
| | 2026-04 | 16 | 16 | 9.84 | 6.06 | 3.60 | 31.98 | | | 2026-04 | 16 | 16 | 9.84 | 6.06 | 3.60 | 31.98 | | ||
| - | | Total | 38 | 38 | 10.05 | 6.78 | 1.11 | 49.69 | | + | | 2026-05 | 17 | 17 | 6.79 | 6.02 | 0.14 | 17.14 | |
| + | | Total | 55 | 55 | 9.04 | 6.75 | 0.14 | 49.69 | | ||
| Non-embargoed reports (issue already posted to oss-security before being brought to (linux-)distros, which in 2026 didn't occur yet) are (would be) excluded from the calculation of average, median, and minimum embargo duration above. | Non-embargoed reports (issue already posted to oss-security before being brought to (linux-)distros, which in 2026 didn't occur yet) are (would be) excluded from the calculation of average, median, and minimum embargo duration above. | ||
| Line 59: | Line 60: | ||
| | Exim | [vs-plain] EXIM-Security-2026-04-24 \\ [[https://www.openwall.com/lists/oss-security/2026/04/30/21|[oss-security] Exim 4.99.2 fixes 4 CVEs]] | Fri Apr 24 15:09:46 2026 \\ Thu Apr 30 18:21:42 2026 | 6.13 | next Wednesday, 2026-04-29T12:00:00+0000 | CVE-2026-40684 \\ CVE-2026-40685 \\ CVE-2026-40686 \\ CVE-2026-40687 | | | Exim | [vs-plain] EXIM-Security-2026-04-24 \\ [[https://www.openwall.com/lists/oss-security/2026/04/30/21|[oss-security] Exim 4.99.2 fixes 4 CVEs]] | Fri Apr 24 15:09:46 2026 \\ Thu Apr 30 18:21:42 2026 | 6.13 | next Wednesday, 2026-04-29T12:00:00+0000 | CVE-2026-40684 \\ CVE-2026-40685 \\ CVE-2026-40686 \\ CVE-2026-40687 | | ||
| | OpenStack Cyborg | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/07/6|[oss-security] [OSSA-2026-011] OpenStack Cyborg: Multiple access control vulnerabilities in Cyborg accelerator management (CVE-2026-40213, CVE-2026-40214)]] | Thu Apr 30 15:02:08 2026 \\ Thu May 07 18:27:34 2026 | 7.14 | 2026-05-07, 1500UTC | CVE-2026-40213 \\ CVE-2026-40214 | | | OpenStack Cyborg | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/07/6|[oss-security] [OSSA-2026-011] OpenStack Cyborg: Multiple access control vulnerabilities in Cyborg accelerator management (CVE-2026-40213, CVE-2026-40214)]] | Thu Apr 30 15:02:08 2026 \\ Thu May 07 18:27:34 2026 | 7.14 | 2026-05-07, 1500UTC | CVE-2026-40213 \\ CVE-2026-40214 | | ||
| + | | Linux | [vs-plain] Dirty Frag: Universal LPE on all major Linux distributions \\ [[https://www.openwall.com/lists/oss-security/2026/05/07/8|[oss-security] Dirty Frag: Universal Linux LPE]] | Thu May 07 15:01:30 2026 \\ Thu May 07 18:59:34 2026 | 0.17 | embargo of 5 days \\ go out with fixes ASAP | Dirty Frag \\ CVE-2026-43284 \\ CVE-2026-43500 | | ||
| + | | Exim | [vs] EXIM-Security-2026-05-01.1: security release 4.99.3 ahead \\ [[https://www.openwall.com/lists/oss-security/2026/05/12/4|[oss-security] [EXIM-Security-2026-05-01.1] Security Release 4.99.3]] | Thu May 07 22:00:56 2026 \\ Tue May 12 14:15:13 2026 | 4.68 | Tuesday, May 12, 2026, at 14:00 UTC | EXIM-Security-2026-05-01.1 \\ CVE-2026-45185 | | ||
| + | | rsync | [vs-plain] rsync 3.4.3 - 5 CVEs (CVE-2026-29518, CVE-2026-43617, -43618, -43619, -43620) - embargo until 2026-05-20 00:00 UTC \\ [[https://www.openwall.com/lists/oss-security/2026/05/20/6|[oss-security] rsync 3.4.3 released: six CVEs (CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232)]] | Fri May 08 00:53:29 2026 \\ Wed May 20 09:26:30 2026 | 12.36 | 2026-05-20 at 00:00 UTC (10:00 AEST, Wednesday morning Canberra time) | CVE-2026-29518 \\ CVE-2026-43617 \\ CVE-2026-43618 \\ CVE-2026-43619 \\ CVE-2026-43620 | | ||
| + | | OpenStack Keystone | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/28/7|[oss-security] [OSSA-2026-015] OpenStack Keystone: Multiple credential delegation and authorization bypass vulnerabilities (CVE-2026-42998, CVE-2026-42999, CVE-2026-43000, CVE-2026-43001, CVE-2026-44394)]] | Thu May 14 18:51:47 2026 \\ Thu May 28 20:56:12 2026 | 14.09 | 2026-05-28, 1500UTC | CVE-2026-42998 \\ CVE-2026-42999 \\ CVE-2026-43000 \\ CVE-2026-43001 \\ CVE-2026-44394 | | ||
| + | | Linux | %%[vs-plain] Logic bug in the Linux kernel's __ptrace_may_access()%% \\ [[https://www.openwall.com/lists/oss-security/2026/05/15/2|[oss-security] Logic bug in the Linux kernel's __ptrace_may_access() function]] | Thu May 14 22:58:25 2026 \\ Fri May 15 02:21:01 2026 | 0.14 | Wednesday, May 20 \\ now | CVE-2026-46333 | | ||
| + | | Linux | [vs-plain] net/tls: Use-After-Free via TOCTOU race in tls_sk_proto_close (local privilege escalation, no privs) \\ [[https://www.openwall.com/lists/oss-security/2026/06/02/12|[oss-security] Linux kernel TLS ULP use-after-free in tls_sk_proto_close()]] | Sat May 16 17:36:41 2026 \\ Tue Jun 02 20:52:02 2026 | 17.14 | 2026-05-30 | | | ||
| + | | BIND 9 | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/20/11|[oss-security] ISC has disclosed six vulnerabilities in BIND 9 (CVE-2026-3039, CVE-2026-3592, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, CVE-2026-5950)]] | Mon May 18 18:35:58 2026 \\ Wed May 20 13:56:59 2026 | 1.81 | 20 May 2026 | CVE-2026-3039 \\ CVE-2026-3592 \\ CVE-2026-3593 \\ CVE-2026-5946 \\ CVE-2026-5947 \\ CVE-2026-5950 | | ||
| + | | Kata Containers runtime-rs | [vs-plain] Vulnerability in Kata Containers runtime-rs (GHSA-2gv2-cffp-j227) \\ [[https://www.openwall.com/lists/oss-security/2026/05/21/14|[oss-security] CVE-2026-47243: Kata Containers runtime-rs 3.30: virtiofsd symlink escape]] | Mon May 18 19:12:13 2026 \\ Thu May 21 18:27:40 2026 | 2.97 | 2026-05-21 1900UTC | GHSA-2gv2-cffp-j227 \\ CVE-2026-47243 | | ||
| + | | Unbound | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/20/5|[oss-security] Unbound: 1.25.1 addresses multiple CVE items]] | Mon May 18 19:36:33 2026 \\ Wed May 20 09:17:52 2026 | 1.57 | 20 May 2026 | CVE-2026-33278 \\ CVE-2026-42944 \\ CVE-2026-42959 \\ CVE-2026-32792 \\ CVE-2026-40622 \\ CVE-2026-41292 \\ CVE-2026-42534 \\ CVE-2026-42923 \\ CVE-2026-42960 \\ CVE-2026-44390 \\ CVE-2026-44608 | | ||
| + | | OpenStack | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/06/03/14|[oss-security] [OSSA-2026-020] OpenStack Mistral: Mistral policy enforcement bypass allows unauthorized public resource creation and arbitrary code execution (CVE-2026-41283)]] | Thu May 21 16:42:40 2026 \\ Wed Jun 03 16:51:55 2026 | 13.01 | 2026-06-03 15:00 UTC | CVE-2026-41283 | | ||
| + | | Linux | [vs-plain] kernel+userspace LPE affecting several distros \\ [[https://www.openwall.com/lists/oss-security/2026/05/28/2|[oss-security] CIFSwitch: Linux kernel/cifs-utils local root via forged cifs.spnego upcall]] | Mon May 25 07:59:43 2026 \\ Thu May 28 07:07:27 2026 | 2.96 | Wednesday, May 27, 7pm PT | CIFSwitch \\ CVE-2026-46243 | | ||
| + | | Exim | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/05/29/3|[oss-security] CVE-2026-48840: Exim 4.99.4: PROXY-protocol uninitialised-stack information disclosure]] | Mon May 25 22:41:34 2026 \\ Fri May 29 14:39:08 2026 | 3.66 | Friday, 2026-05-29 14:00 UTC | EXIM-Security-2026-05-19.1 \\ CVE-2026-48840 | | ||
| + | | OpenSSL | [vs-plain] Embargoed OpenSSL issues \\ [[https://www.openwall.com/lists/oss-security/2026/06/09/15|[oss-security] OpenSSL Security Advisory]] | Tue May 26 13:10:13 2026 \\ Tue Jun 09 16:09:07 2026 | 14.12 | 9th June 2026 | | | ||
| + | | X.Org X server and Xwayland | [vs-plain] Preview of X.Org Security Advisory for 2026-06-02 \\ [[https://www.openwall.com/lists/oss-security/2026/06/02/1|[oss-security] FW: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland]] | Wed May 27 00:04:06 2026 \\ Tue Jun 02 00:27:21 2026 | 6.02 | June 2, 2026 at 00:00 UTC | | | ||
| + | | OpenStack | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/06/03/13|[oss-security] [OSSA-2026-019] Ironic: File Extraction from conductor via pxe_template (CVE-2026-44917)]] | Wed May 27 19:21:05 2026 \\ Wed Jun 03 16:51:51 2026 | 6.90 | June 3 2026, 1500UTC | CVE-2026-44917 | | ||
| + | | OpenStack | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/06/03/11|[oss-security] [OSSA-2026-017] Ironic: Script injection during node boot via linux command line override (CVE-2026-46447)]] | Wed May 27 19:23:10 2026 \\ Wed Jun 03 16:51:36 2026 | 6.89 | June 3 2026, 1500 UTC | CVE-2026-46447 | | ||
| + | | OpenStack | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2026/06/03/12|[oss-security] [OSSA-2026-018] Ironic: File overwrite on Ironic conductor via path traversal in ISO handling (CVE-2026-48681)]] | Wed May 27 19:23:11 2026 \\ Wed Jun 03 16:51:41 2026 | 6.89 | June 3 2026, 1500UTC | CVE-2026-48681 | | ||
| ===== Source input data ===== | ===== Source input data ===== | ||
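Review bot: In the rsync row, the last column lists five CVEs while the linked oss-security subject names six, adding CVE-2026-45232; either add that ID or state that the column records only what the (linux-)distros report carried. The same column is empty in the net/tls, OpenSSL and X.Org rows, so a reader cannot tell "no ID assigned" from "not recorded"; an explicit marker in those cells would settle it. The net/tls row went public on Jun 02 against a planned date of 2026-05-30, and the planned-date cell could show that change the way the Dirty Frag and ptrace rows carry two values. For consistency with "OpenStack Cyborg" and "OpenStack Keystone", the four rows labelled only "OpenStack" could name Mistral and Ironic in the first column.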
| Line 68: | Line 86: | ||
| * {{stats-202603.txt}} | * {{stats-202603.txt}} | ||
| * {{stats-202604.txt}} | * {{stats-202604.txt}} | ||
| + | * {{stats-202605.txt}} | ||