[From nobody Sun May 3 17:34:05 2026 Received: (at 1130912-close) by bugs.debian.org; 3 May 2026 16:33:05 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-114.1 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 76; hammy, 150; neutral, 242; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo., 0.000-+--H*MI:fasolo Return-path: <envelope@ftp-master.debian.org> Received: from muffat.debian.org ([2607:f8f0:614:1::1274:33]:60740) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wJZkf-004wu9-0O for 1130912-close@bugs.debian.org; Sun, 03 May 2026 16:33:05 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by muffat.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wJZkg-00234O-09 for 1130912-close@bugs.debian.org; Sun, 03 May 2026 16:33:05 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=1NOgyX0WSeC+Rre+Lp+ydhZLH6FQ9jX4506zmoyvygo=; b=D+/GwqB7CS4ht6v2fZk9WVZguk 9rvBMlpd9qqb8KzRnOMRWJCcswhW5SCBtJO45uUTNQj+9lWqCgKitpkEF/wT0zyUjmg7qOsopy/JZ ee1w2T2V0dswzcnbXLuU3oE92yZ1M2H7nf/H57Qt079O+AaWJx/SMPH/wJXAZTyil/zfWkrUcc4YE HhId3gyHzYkW3EFW2PsLEMe8XAfmEaB3seK+IBAD+F3TEkero5mfNfzf33J1bjChT3FGTzIjrx5BO jC+iiS5q1eoZORlRdL9fTn/RtWCroWqrVyNxTc/8d7yGff2ulpkoqMRpFLZPAF2LwtQELviF+AtyX IFxxEjmg==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wJZke-00000009XHi-0tUu; Sun, 03 May 2026 16:33:04 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Sergei Golovan <sgolovan@debian.org> To: 1130912-close@bugs.debian.org X-DAK: dak process-policy X-Debian: DAK X-Debian-Package: erlang Debian: DAK Debian-Changes: erlang_25.2.3+dfsg-1+deb12u4_source.changes Debian-Source: erlang Debian-Version: 1:25.2.3+dfsg-1+deb12u4 Debian-Architecture: source Debian-Suite: oldstable-proposed-updates Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1130912: fixed in erlang 1:25.2.3+dfsg-1+deb12u4 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============5716251793767691850==" Message-Id: <E1wJZke-00000009XHi-0tUu@fasolo.debian.org> Date: Sun, 03 May 2026 16:33:04 +0000 --===============5716251793767691850== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: erlang Source-Version: 1:25.2.3+dfsg-1+deb12u4 Done: Sergei Golovan <sgolovan@debian.org> We believe that the bug you reported is fixed in the latest version of erlang, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1130912@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sergei Golovan <sgolovan@debian.org> (supplier of updated erlang package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 07 Apr 2026 13:54:55 +0300 Source: erlang Architecture: source Version: 1:25.2.3+dfsg-1+deb12u4 Distribution: bookworm Urgency: medium Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org> Changed-By: Sergei Golovan <sgolovan@debian.org> Closes: 1115090 1115091 1115092 1115093 1128651 1130912 Changes: erlang (1:25.2.3+dfsg-1+deb12u4) bookworm; urgency=3Dmedium . [ Jochen Sprickerhof ] * Add salsa-ci * Add gbp.conf. Needed to reproduce the orig.tar with empty directories. * Fix CVE-2025-48038: allocation of resources without limits or throttling vulnerability in the ssh_sftp module allows excessive allocation, resource leak exposure (closes: #1115093). * Fix CVE-2025-48039: allocation of resources without limits or throttling vulnerability in the ssh_sftp module allows excessive allocation, resource leak exposure (closes: #1115092). * Fix CVE-2025-48040: uncontrolled resource consumption vulnerability in the ssh_sftp module allows excessive allocation, flooding (closes: 11150= 91). * Fix CVE-2025-48041: allocation of resources without limits or throttling vulnerability in the ssh_sftp module allows excessive allocation, flooding (closes: #1115090). . [ Lucas Kanashiro ] * Fix CVE-2026-23941. Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. * Fix CVE-2026-23942. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. * Fix CVE-2026-23943. Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. Closes: #1130912. . [ Sergei Golovan ] * Fix CVE-2026-21620. Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in Erlang/OTP (tftp_file modules) (closes: 1128651). Checksums-Sha1: bedec899398c22c0ebf82ea636828d2bbbfe2091 5041 erlang_25.2.3+dfsg-1+deb12u4.d= sc 0cadda67ccbfcdf0918b16ec64f548c093c7c9b0 93732 erlang_25.2.3+dfsg-1+deb12u4.= debian.tar.xz f1cb5c49e66bb6c2d002aa6e5c57938f20ddb500 31602 erlang_25.2.3+dfsg-1+deb12u4_= amd64.buildinfo Checksums-Sha256: f09c13e9ea6c39b371c15148dac3cf2745ff6e3fdfe979758e7780f4a42b04a7 5041 erlang= _25.2.3+dfsg-1+deb12u4.dsc e940fcddc3e83b7e7c740d871aa6c0aec237069ce4589e79f28e1e701900f64d 93732 erlan= g_25.2.3+dfsg-1+deb12u4.debian.tar.xz 28bc047aab531647be9a728677797e1d106a880e36c308a13d0a1b6f58982de6 31602 erlan= g_25.2.3+dfsg-1+deb12u4_amd64.buildinfo Files: 642dab00f18de63bb845513ec5a375d9 5041 interpreters optional erlang_25.2.3+df= sg-1+deb12u4.dsc 153074a5d3941454a2cf0b114dbd9953 93732 interpreters optional erlang_25.2.3+d= fsg-1+deb12u4.debian.tar.xz 1a1311ed247f9511a956b6f2330b8f3a 31602 interpreters optional erlang_25.2.3+d= fsg-1+deb12u4_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/SYPsyDB+ShSnvc4Tyrk60tj54cFAmn3NCYACgkQTyrk60tj 54ckvw/8Dzl1uAW2Lx5qzq4NGGx0GOVKhrZO2Hb7HoVDdT+TRfwov1xy3O1zvBwL WYewh82Xy9ajQP2pgch6sb+2QYPcn/pgdGf/ZhqIKf8tsq3R8NOzbhwN6n1lNN+l rncGH51h7cpH2f/4QcKNOrSsupXJgAVxPdMqDFfun2mz9AitBJx6Of2fmwgCNWjo WMVgXm4y6NFSFwFcnxVOMkE/5sJXw9gMoB9MMJPJ7ZIOvrGS7niBvpewrPDMegGh URnc7wYEElikz7Jra3fFoTzR2pn45mojLMkaE4obaf4OPjebbvF5nwTgJxnR5nZM KRPw2DjM9tZUVCYqGqCAAi5NUjruogpeu5V+EMWOpzZRAHsCHIsJ7hwyGC3B37MI o6cBBxVxoIN70jp/Nh7n75pNwubPbJCLzisYM1uVpDgotvqgJ6rPYK0ILjPUevkj Vk9CN08P0zsbi59wxf/xA1y1KlR5mKukDh79VXMHT/wfSqs1Z4SQgcg3hhuMTVtg MhG6jtzT6w3HU3wRulQF5p7XIzMNhUfmYaVC/u0J5UN9wqjnsNZ1HEpnNeelrdRz voFAZhueE4EhWwx1gDxV6r1hZvgeLMwivES/bN+Zndr+cLHLhMBGzJc9MSN8uy4P 4/5hqTpDdA2kbQfVxhMQbnJ16ilk1g1A4X52rOe8KqA0w0XbcU4=3D =3Ds9qC -----END PGP SIGNATURE----- --===============5716251793767691850== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCafd4wAAKCRCb9qggYcy5 ITeSAP9xWTJ3i/sdP7zH1sVK7GJB8NPCMVxCvhw2ooHTYoNG9AD+I5P+cgeH9c8V o3FbGnUP9ks4RCx/L9kUUw6Tz1xvtwY= =6JLC -----END PGP SIGNATURE----- --===============5716251793767691850==-- ]