[Pkg-erlang-devel] Question regarding erlang Package 1:25.2.3+dfsg-1+deb12u1

Dommershausen, Tara Tara.Dommershausen at controlware.de
Tue Jun 24 08:27:36 BST 2025


Hello,

I have a question regarding Erlang Debian Package Version 1:25.2.3+dfsg-1+deb12u1.
We noticed a discrepancy between the package version number and the underlying Erlang/OTP version, and we wondered if this is on purpose or if there might be a mistake here.
We came across this when using a vulnerability scanner for CVE-2025-32433. On the Debian page (https://security-tracker.debian.org/tracker/CVE-2025-32433 and https://tracker.debian.org/news/1640554/accepted-erlang-12523dfsg-1deb12u1-source-into-stable-security/) it says that the Package Version 1:25.2.3+dfsg-1+deb12u1 patches the vulnerability, but the underlying Erlang/OTP Version has the Version Number 25.3.2.20. Because of this difference in the version numbers, the vulnerability scanner is not able to detect that the patched version is installed, because it compares the Debian package version to the original Erlang/OTP Version.
Is this discrepancy in version number on purpose, or is it maybe a mistake, and will the versions be aligned in a new package soon?
I hope I am reaching the responsible person for my question here, otherwise could you forward my question or give me a hint where I have to ask?

Kind regards,
Tara Dommershausen
___________________________________________________

i. A. Tara Dommershausen
Technical Consultant Information Security
Competence Center Security | Offensive Security
Controlware GmbH
Waldstrasse 92, 63128 Dietzenbach, Germany
E-Mail: tara.dommershausen at controlware.de
___________________________________________________

Controlware GmbH | Phone: +49 6074 858-00 | Fax: +49 6074 858-108 | E-Mail: info at controlware.de | https://www.controlware.de | Registered office: 63128 Dietzenbach | Register court: Offenbach a.M., HRB No. 6431 | Managing Directors: Bernd Schwefing, Michael K?chen, Dr. Marc Wilczek | Chairman of the Supervisory Board: Christof Ziegler