[Git][security-tracker-team/security-tracker][master] erlang DSA

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48f5e799 by Moritz Mühlenhoff at 2025-04-20T11:18:47+02:00
erlang DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8501,7 +8501,6 @@ CVE-2025-30371 (Metabase is a business intelligence and embedded analytics tool.
 	NOT-FOR-US: Metabase
 CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming language.  ...)
 	- erlang 1:27.3.1+dfsg-1 (bug #1101713)
-	[bookworm] - erlang <no-dsa> (Minor issue)
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
 	NOTE: https://github.com/erlang/otp/commit/df3aad2c5570847895562ff96a725190571f028c (OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
 	NOTE: https://github.com/erlang/otp/commit/655e20a49ef80431e86ffb6c7f366d01fd4b64c3 (OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
@@ -22041,7 +22040,6 @@ CVE-2025-27091 (OpenH264 is a free license codec library which supports H.264 en
 	NOTE: Fixed by: https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449 (v2.6.0)
 CVE-2025-26618 (Erlang is a programming language and runtime system for building massi ...)
 	- erlang 1:27.2.4+dfsg-1
-	[bookworm] - erlang <no-dsa> (Minor issue)
 	[bullseye] - erlang <postponed> (Minor issue)
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr
 	NOTE: https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872 (OTP-25.3.2.18, OTP-26.2.5.9, OTP-27.2.4)
@@ -140455,7 +140453,6 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	[bullseye] - dropbear 2020.81-3+deb11u1
 	[buster] - dropbear <not-affected> (ChaCha20-Poly1305 support introduced in 2020.79; *-EtM not supported as of 2022.83)
 	- erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
-	[bookworm] - erlang <no-dsa> (Minor issue)
 	[bullseye] - erlang <no-dsa> (Minor issue)
 	[buster] - erlang <no-dsa> (Minor issue)
 	- filezilla 3.66.4-1


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Apr 2025] DSA-5906-1 erlang - security update
+	{CVE-2023-48795 CVE-2025-26618 CVE-2025-30211 CVE-2025-32433}
+	[bookworm] - erlang 1:25.2.3+dfsg-1+deb12u1
 [17 Apr 2025] DSA-5905-1 graphicsmagick - security update
 	{CVE-2025-27795 CVE-2025-32460}
 	[bookworm] - graphicsmagick 1.4+really1.3.40-4+deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -14,9 +14,6 @@ If needed, specify the release by adding a slash after the name of the source pa
 --
 commons-vfs (apo)
 --
-erlang
-  Maintainer is contacted for preparing an update
---
 frr
   coordination with the maintainer ongoing, Daniel Baumann proposing an update
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48f5e799ed17465b65c6b048daf3222e81d3f1c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48f5e799ed17465b65c6b048daf3222e81d3f1c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250420/7c70f2ce/attachment-0001.htm>