[From nobody Fri Jun 12 19:21:07 2026 Received: (at 1124853-close) by bugs.debian.org; 12 Jun 2026 18:19:44 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-114.1 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE, USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 98; hammy, 150; neutral, 325; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--HX-DAK:process-upload, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo. Return-path: <envelope@ftp-master.debian.org> Received: from muffat.debian.org ([2607:f8f0:614:1::1274:33]:57472) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wY6To-0045tl-26 for 1124853-close@bugs.debian.org; Fri, 12 Jun 2026 18:19:44 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by muffat.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wY6To-00F7Ie-1Z for 1124853-close@bugs.debian.org; Fri, 12 Jun 2026 18:19:44 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=sg6V7SacLDDBAQw2qgWkk5rbFBuRofA5e+9fv+/6qew=; b=dkhPnFVX2M5nElfKC04s8pzmN5 T/d0rHBkr60QWdYkeVgRaP1uEC0nsw10mCR4SWqC48OQ5N8DN2ozyppxRqw+k/xBV5B2jlfPw7zYm mJeovWn4dQ2eHXwxX/+EPIN90N/khtP1BT4USlzuOgJL7zFtYY1qyDrBR8IqWSZH1/7y0/GjUZwkt /bLs1I1lPh304aMDQsvsXZ1obhBR/W+upBDQZ1iiLc8ji5IfIRlUdziZS7tzNnw5uprQMYfPHWCWH 5XGXF3JfRuvB3PQd47i6zZjbQ1h3GCQI0G8Z2nVUm5bxQnr6AhgwRoJmTbTPo4YCkDFwl6HorLTJ/ fQI72wSQ==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wY6Tn-00000000ioy-2ktl; Fri, 12 Jun 2026 18:19:43 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Sergei Golovan <sgolovan@debian.org> To: 1124853-close@bugs.debian.org X-DAK: dak process-upload X-Debian: DAK X-Debian-Package: erlang Debian: DAK Debian-Changes: erlang_29.0.2+dfsg-1_source.changes Debian-Source: erlang Debian-Version: 1:29.0.2+dfsg-1 Debian-Architecture: source Debian-Suite: unstable Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1124853: fixed in erlang 1:29.0.2+dfsg-1 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============2851887417120795544==" Message-Id: <E1wY6Tn-00000000ioy-2ktl@fasolo.debian.org> Date: Fri, 12 Jun 2026 18:19:43 +0000 --===============2851887417120795544== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: erlang Source-Version: 1:29.0.2+dfsg-1 Done: Sergei Golovan <sgolovan@debian.org> We believe that the bug you reported is fixed in the latest version of erlang, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1124853@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sergei Golovan <sgolovan@debian.org> (supplier of updated erlang package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 12 Jun 2026 20:36:06 +0300 Source: erlang Architecture: source Version: 1:29.0.2+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org> Changed-By: Sergei Golovan <sgolovan@debian.org> Closes: 1045018 1124853 1139727 1139823 Changes: erlang (1:29.0.2+dfsg-1) unstable; urgency=3Dmedium . * New upstream release. - Fix CVE-2026-48855: Exposure of Sensitive Information to an Unauthoriz= ed Actor vulnerability in Erlang OTP ssh application (ssh_sftpd module). - Fix CVE-2026-48856: Sensitive Data Exposure vulnerability in Erlang OTP inets application (httpc_response module). - Fix CVE-2026-48858: Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp application (ftp_internal module). - Fix CVE-2026-48859: Observable Timing Discrepancy vulnerability in Erlang/OTP ssh application (ssh_auth, ssh_options modules). - Fix CVE-2026-48860: Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl application (inet_tls_dist module). - Fix CVE-2026-49759: Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv). - Fix CVE-2026-49760: Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface). Closes: #1139727, #1139823. * Drop dependencies of erlang-jinterface on java1-runtime-headless, java1-runtime because they don't exist anymore. * Drop providing erlang-pcre by erlang-base because it is not used by any package and is not necessary anymore. * Promote libsctp1 from recommends to depends because erl now emits a warning if it cannot find the libsctp library, which make some packages that build depend on Erlang FTBFS. * Add a patch which fixes enabling build of odbcserver. * Add pkgconf and libglib2.0-dev to the build dependencies for erlang-wx. * Refine interdependencies of the binary packages. * Use the default build flags (closes: #1124853). * Clean up the code which stops epmd on erlang-base removal/upgrade. * Do more thorough cleanup after building the package (closes: #1045018). * Fix debian/watch to sort upstream version 29.0 after 29.0-rc3. * Fix collecting examples which are now installed along with the documentation, make links to them in the erlang-doc package. * Switch from ronn to the internal manpage generation escript for generating manpages in section 1. * Add symlink /usr/lib/erlang/man to the Erlang manpages in the erlang-doc package. * Compress manpages in the erlang-doc package. * Use -n option for gzip when compressing manpages for reproducibility. * Do not remove id from the EPUB contents files in docs, just replace it by a deterministic value. * Replace echo by printf in the makefile for generating docs because sometimes echo "\n" prints literal \n for reproducibility. * Move HTML and EPUB docs directly to the /usr/share/doc/erlang-doc directory. * Respect SOURCE_DATE_EPOCH when generating footers of HTML docs for reproducibility. Checksums-Sha1: b0494f5c21cb7ecbc9e54ede7bbd342548288ef6 5002 erlang_29.0.2+dfsg-1.dsc 2199eb78fd3f51eaa690e38a1467873683a04456 49253348 erlang_29.0.2+dfsg.orig.ta= r.xz 57531eb6509af98678d84a85ee5b40f782d3b667 61932 erlang_29.0.2+dfsg-1.debian.t= ar.xz e4ddd32871955ef3c0341672d3cf1c7477992ddd 32569 erlang_29.0.2+dfsg-1_amd64.bu= ildinfo Checksums-Sha256: b1ac5e8c01b6f7828fe7283492a2d4201a58bce158c3b12268b2302d4d87d0b5 5002 erlang= _29.0.2+dfsg-1.dsc 14c1277b6ac0c6940952d253389dc04b1bf129c30a77567d99c99c9d5592eb42 49253348 er= lang_29.0.2+dfsg.orig.tar.xz bf585df968de5f14d5fdf163b8b45011a454549d2f159c38eab13812f65a8141 61932 erlan= g_29.0.2+dfsg-1.debian.tar.xz 62c4631305af5e752b9a04f845ca2da5e5cd417ceb3591134cbe50da27a576ea 32569 erlan= g_29.0.2+dfsg-1_amd64.buildinfo Files: a9202e0fd46291c6001632880d373ec3 5002 interpreters optional erlang_29.0.2+df= sg-1.dsc 6dd10e3f187393805df50ec099f3f158 49253348 interpreters optional erlang_29.0.= 2+dfsg.orig.tar.xz 4fdbf975ed79957231f6b11987d3ae5d 61932 interpreters optional erlang_29.0.2+d= fsg-1.debian.tar.xz 7174d95200c893b3e5f7d12f2c53fc5b 32569 interpreters optional erlang_29.0.2+d= fsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/SYPsyDB+ShSnvc4Tyrk60tj54cFAmosSVQACgkQTyrk60tj 54eE3hAAv1aMx0iOdUogBWWqwa4vs6mQvKCkTE5D0q1pq3s4LuMbeyHjel92A/lW cWN1Q+XyZiyxvt26F5HNkY8q7W0AiNj1Y9C26cjENHew2ysUXzmQT5SxeUir/2A7 rUA62M4eT9RYZTM5DW9iRBILMlDogqDGE03RIF/4ltFYofBwkJhDW9Cn11PjNqqx PWGn0UyBT0qD1VQXnH7fJUumAoJc2SEXASuMdnJboWyb1qDNvkGhk/LrjF4L34N1 ybgVBsMkmXn7/oypPtPGFMpB4adqUdXcfpxYfW0jhpb0tIuUDJn1gqcM17Cxi7HE zXfIJ9MhFYz+rQ59f/MEQen0L7/u1JIhGO3sq25f+L4DeQEG9ofzW4gvI+cyTzir cN0PB7W3qdgqlVe0bwvKAMFaI5Otg6OJIz3mkry5Ar4CaxKHEXaWO9MvoWmm0DjD dzZlIpnZ0qPTQ3nwopXlEpekgVIVK+Ice8wRPIxBJJDoA56mAU9a45QRz+vphUMT H5BXSp1mgXz+PuUpu35sLeQNHEX12f40dJ14j+OopgpkU52UjOidh2Z2rXD9UgUB 7C5n1VehFmebFKla127IamcbFxTIer7wlXKdopUk9wb/Obrwc9dUYoJorRZYcbBk NKkSSZL550xYngOq2y6mP/vnSSncViqc1XuPmQYn4cMuQ96ljjg=3D =3DSxVz -----END PGP SIGNATURE----- --===============2851887417120795544== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaixNvwAKCRCb9qggYcy5 ISPxAQDGTPYkHCWDIe8PM593JcRfgOGCy4QZuVhNQHwlNUrc4AD+MRiNO0zK4XKY M1DFMHd0DxXYPWJ0GqzfahejlxXtFgs= =cKUc -----END PGP SIGNATURE----- --===============2851887417120795544==-- ]