[From nobody Sat May 2 20:33:08 2026 Received: (at 1130912-close) by bugs.debian.org; 2 May 2026 19:32:24 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-114.1 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 4; hammy, 150; neutral, 292; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo., 0.000-+--H*MI:fasolo Return-path: <envelope@ftp-master.debian.org> Received: from muffat.debian.org ([2607:f8f0:614:1::1274:33]:49108) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wJG4e-002SOp-0B for 1130912-close@bugs.debian.org; Sat, 02 May 2026 19:32:24 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by muffat.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wJG4e-000w87-3A for 1130912-close@bugs.debian.org; Sat, 02 May 2026 19:32:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=z3os35z85FkHAyL6B48pOMot7L2R9rVjuOHqnyueqhs=; b=eYmTlVHSEBeqPik6SQex2AiQZw udZg/Q9Ub9kn0F644+EjbZjYqyQ5h4iW0gnlBR8ZeEDZanyZ0XS67lj7fcZeM9w+Rj+3vafUU3yvS mSlMiQz/Gu1SbQnGvot1oAwV3gcbErA+nkmR/Z5NsPyEvaJS/KIt2L3nrOLRwf8eTyRd9Lpk9ASnk uBc7sOi4VBDdj3+rqmGwweMnfTNEDdb5/JlQh+fIzabeGbeUm9oQIp7ueiMARPeKfwHLF1+cBswRT +Q4QLmx+Wvr8xbs49oITz8PxSAFcz+Qd80XNUx5/08Pbi1Di/luBrh4PLh0JNgm0q4fk2ETr03fE8 Vp07GR3g==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wJG4d-00000005bjn-0cjy; Sat, 02 May 2026 19:32:23 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Sergei Golovan <sgolovan@debian.org> To: 1130912-close@bugs.debian.org X-DAK: dak process-policy X-Debian: DAK X-Debian-Package: erlang Debian: DAK Debian-Changes: erlang_27.3.4.1+dfsg-1+deb13u2_source.changes Debian-Source: erlang Debian-Version: 1:27.3.4.1+dfsg-1+deb13u2 Debian-Architecture: source Debian-Suite: proposed-updates Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1130912: fixed in erlang 1:27.3.4.1+dfsg-1+deb13u2 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============1713922763589884149==" Message-Id: <E1wJG4d-00000005bjn-0cjy@fasolo.debian.org> Date: Sat, 02 May 2026 19:32:23 +0000 X-CrossAssassin-Score: 2 --===============1713922763589884149== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: erlang Source-Version: 1:27.3.4.1+dfsg-1+deb13u2 Done: Sergei Golovan <sgolovan@debian.org> We believe that the bug you reported is fixed in the latest version of erlang, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1130912@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sergei Golovan <sgolovan@debian.org> (supplier of updated erlang package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 04 Apr 2026 16:45:31 +0300 Source: erlang Architecture: source Version: 1:27.3.4.1+dfsg-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org> Changed-By: Sergei Golovan <sgolovan@debian.org> Closes: 1128651 1130912 Changes: erlang (1:27.3.4.1+dfsg-1+deb13u2) trixie; urgency=3Dmedium . [ Lucas Kanashiro ] * Fix CVE-2026-21620. Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in Erlang OTP (tftp_file modules). Closes: #1128651 * Fix CVE-2026-23941. Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. - d/p/CVE-2026-23941.patch * Fix CVE-2026-23942. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. - d/p/CVE-2026-23942.patch * Fix CVE-2026-23943. Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. - d/p/CVE-2026-23943.patch Closes: #1130912 Checksums-Sha1: 257dd81488b5a65ccf22b1dc6bc5edbe431a3a0f 4942 erlang_27.3.4.1+dfsg-1+deb13u2= .dsc fd2fb83babb193080dde220b48cd747ecd34e9c1 81592 erlang_27.3.4.1+dfsg-1+deb13u= 2.debian.tar.xz 009e5c3a9865f14dc8d1ed35385c14f745bc75a5 32187 erlang_27.3.4.1+dfsg-1+deb13u= 2_amd64.buildinfo Checksums-Sha256: b4ea709dcf33f86d488ad2bf6301eb8c47c9adec68f4ea0a86eb1d779ef00c08 4942 erlang= _27.3.4.1+dfsg-1+deb13u2.dsc 6d8eb82e8667bdfec2c8acbb910fd5bbbee0b0fb81c198e830fb9c26767ff77c 81592 erlan= g_27.3.4.1+dfsg-1+deb13u2.debian.tar.xz 8c6813a4d80310eafca9cec6463f7f70bab366f813d1e46cbcf7784fd92b194d 32187 erlan= g_27.3.4.1+dfsg-1+deb13u2_amd64.buildinfo Files: c1940739194f0b92925659034a4cc1b7 4942 interpreters optional erlang_27.3.4.1+= dfsg-1+deb13u2.dsc 65f43668662b1c192620f6615ea67701 81592 interpreters optional erlang_27.3.4.1= +dfsg-1+deb13u2.debian.tar.xz f14007a6d5a303ee50b04c9b9ee7b72d 32187 interpreters optional erlang_27.3.4.1= +dfsg-1+deb13u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/SYPsyDB+ShSnvc4Tyrk60tj54cFAmnRF+QACgkQTyrk60tj 54cayA/6A3puUNhnpsYoUbRvufPT67BVJD/DxlicLRZYKON5leoaYGZJixKhVB2e 12f3E2srfPtTsYhYNlHc8+eFHpse/zaodcjShk+bAULRDn1qlLDTOuk/LCWZ+h9O OXEHQeGOzNDwINcMlcO4+kQt75dETFCLKqS4kkchPfW7jQBVpwOV2paykafBiWPj aVAWnD9xhKcVmklrPzpkZkCiXRaDdFVhdARIxoQjI5TVhw5G7JYAHcLl140mCJHB mhiuYPMFXL3ZggUrgU3Njubs+bM8lBQtvRkg9zRnD+WGdcF7IRJSjEMqedid4zwi XAxijL5oLYDscqT/eJZ/Iyvc5yMRw8Axfxc4/cVSysMxRkjnv3cWdjG4uLXmFRIQ TrOXYWRJoNnovvM8yv5tOBRf5rBAyzIK5aJmUIqtYlvYCkA8kF5C6WObC65/2bIq 9ZQ5t/IMWGpjYO5MlNEAQgxY/aF4XgJ2Yd+cx5Kuuv8DG0WQmsIKrnLCTL9Fxi55 u65OntHekTaVwZ1L22D7A9++lrNiwj7bYd33e1BF0Lpsv2ksdl/97ksL31DWllu7 WXo7R/+WRvvsSKOnJimlDNLVZ2aj+v95yF8gxyRLQpNkfJzsHGrK6JyU30ZpffFp ZKke9/5FRJMMYK1V6A3s5CEQA1xGfuKkDcW7SoZ+nyuOgYVmhJw=3D =3Dtrvd -----END PGP SIGNATURE----- --===============1713922763589884149== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCafZRRwAKCRCb9qggYcy5 IbeXAQCU8cQEmhvqhi3aN75dE89U7fjmVQdmNEKu/CrP0ZAtxQD/QqJBaVXx6OTp Vvxy7JtePE3EiT7y5MNW6VpUmnrPAAw= =aMPm -----END PGP SIGNATURE----- --===============1713922763589884149==-- ]