[Pkg-erlang-devel] Bug#1103458: unblock: erlang/1:27.3.3+dfsg-1

Salvatore Bonaccorso carnil at debian.org
Thu Apr 17 20:30:03 BST 2025


Package: release.debian.org
Severity: normal
X-Debbugs-Cc: erlang at packages.debian.org, team at security.debian.org, Sergei Golovan <sgolovan at debian.org>, carnil at debian.org
Control: affects -1 + src:erlang
User: release.debian.org at packages.debian.org
Usertags: unblock

Hi release team,

[Note: not the maintainer here, but reaching out to you as
security team member]

erlang/1:27.3.3+dfsg-1 fixes a critical CVE, CVE-2025-32433, #1103442,
in the Erlang/OTP SSH server allowing unauthenticated remote code
execution. 

The upload to unstable contained more than that and the fix is
included in the new upstream version. The set of changes though is
still limited, and I'm adding the maintainer here as well for
X-Debbugs-CC to confirm.

https://github.com/erlang/otp/releases/tag/OTP-27.3.3

If you agree, please lower the required time for transition to
testing to allow CVE-2025-32433 to be fixed.

Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: erlang_27.3.3+dfsg-1.debdiff.xz
Type: application/x-xz
Size: 8428 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-erlang-devel/attachments/20250417/b914b4a4/attachment.xz>

