[Pkg-erlang-devel] erlang_27.3.4.1+dfsg-1+deb13u2_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Apr 4 15:33:56 BST 2026
Thank you for your contribution to Debian.
Mapping trixie to stable.
Mapping stable to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 04 Apr 2026 16:45:31 +0300
Source: erlang
Architecture: source
Version: 1:27.3.4.1+dfsg-1+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: Debian Erlang Packagers <pkg-erlang-devel at lists.alioth.debian.org>
Changed-By: Sergei Golovan <sgolovan at debian.org>
Closes: 1128651 1130912
Changes:
erlang (1:27.3.4.1+dfsg-1+deb13u2) trixie; urgency=medium
.
[ Lucas Kanashiro ]
* Fix CVE-2026-21620.
Relative Path Traversal, Improper Isolation or Compartmentalization
vulnerability in Erlang OTP (tftp_file modules). Closes: #1128651
* Fix CVE-2026-23941.
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
vulnerability in Erlang OTP (inets httpd module) allows HTTP Request
Smuggling.
- d/p/CVE-2026-23941.patch
* Fix CVE-2026-23942.
Improper Limitation of a Pathname to a Restricted Directory ('Path
Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path
Traversal.
- d/p/CVE-2026-23942.patch
* Fix CVE-2026-23943.
Improper Handling of Highly Compressed Data (Compression Bomb)
vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of
Service via Resource Depletion.
- d/p/CVE-2026-23943.patch
Closes: #1130912
Checksums-Sha1:
257dd81488b5a65ccf22b1dc6bc5edbe431a3a0f 4942 erlang_27.3.4.1+dfsg-1+deb13u2.dsc
fd2fb83babb193080dde220b48cd747ecd34e9c1 81592 erlang_27.3.4.1+dfsg-1+deb13u2.debian.tar.xz
009e5c3a9865f14dc8d1ed35385c14f745bc75a5 32187 erlang_27.3.4.1+dfsg-1+deb13u2_amd64.buildinfo
Checksums-Sha256:
b4ea709dcf33f86d488ad2bf6301eb8c47c9adec68f4ea0a86eb1d779ef00c08 4942 erlang_27.3.4.1+dfsg-1+deb13u2.dsc
6d8eb82e8667bdfec2c8acbb910fd5bbbee0b0fb81c198e830fb9c26767ff77c 81592 erlang_27.3.4.1+dfsg-1+deb13u2.debian.tar.xz
8c6813a4d80310eafca9cec6463f7f70bab366f813d1e46cbcf7784fd92b194d 32187 erlang_27.3.4.1+dfsg-1+deb13u2_amd64.buildinfo
Files:
c1940739194f0b92925659034a4cc1b7 4942 interpreters optional erlang_27.3.4.1+dfsg-1+deb13u2.dsc
65f43668662b1c192620f6615ea67701 81592 interpreters optional erlang_27.3.4.1+dfsg-1+deb13u2.debian.tar.xz
f14007a6d5a303ee50b04c9b9ee7b72d 32187 interpreters optional erlang_27.3.4.1+dfsg-1+deb13u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/SYPsyDB+ShSnvc4Tyrk60tj54cFAmnRF+QACgkQTyrk60tj
54cayA/6A3puUNhnpsYoUbRvufPT67BVJD/DxlicLRZYKON5leoaYGZJixKhVB2e
12f3E2srfPtTsYhYNlHc8+eFHpse/zaodcjShk+bAULRDn1qlLDTOuk/LCWZ+h9O
OXEHQeGOzNDwINcMlcO4+kQt75dETFCLKqS4kkchPfW7jQBVpwOV2paykafBiWPj
aVAWnD9xhKcVmklrPzpkZkCiXRaDdFVhdARIxoQjI5TVhw5G7JYAHcLl140mCJHB
mhiuYPMFXL3ZggUrgU3Njubs+bM8lBQtvRkg9zRnD+WGdcF7IRJSjEMqedid4zwi
XAxijL5oLYDscqT/eJZ/Iyvc5yMRw8Axfxc4/cVSysMxRkjnv3cWdjG4uLXmFRIQ
TrOXYWRJoNnovvM8yv5tOBRf5rBAyzIK5aJmUIqtYlvYCkA8kF5C6WObC65/2bIq
9ZQ5t/IMWGpjYO5MlNEAQgxY/aF4XgJ2Yd+cx5Kuuv8DG0WQmsIKrnLCTL9Fxi55
u65OntHekTaVwZ1L22D7A9++lrNiwj7bYd33e1BF0Lpsv2ksdl/97ksL31DWllu7
WXo7R/+WRvvsSKOnJimlDNLVZ2aj+v95yF8gxyRLQpNkfJzsHGrK6JyU30ZpffFp
ZKke9/5FRJMMYK1V6A3s5CEQA1xGfuKkDcW7SoZ+nyuOgYVmhJw=
=trvd
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-erlang-devel/attachments/20260404/35c50093/attachment.sig>
More information about the Pkg-erlang-devel
mailing list