[Pkg-erlang-devel] erlang_29.0.2+dfsg-1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri Jun 12 19:19:43 BST 2026 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 Jun 2026 20:36:06 +0300
Source: erlang
Architecture: source
Version: 1:29.0.2+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Erlang Packagers <pkg-erlang-devel at lists.alioth.debian.org>
Changed-By: Sergei Golovan <sgolovan at debian.org>
Closes: 1045018 1124853 1139727 1139823
Changes:
 erlang (1:29.0.2+dfsg-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fix CVE-2026-48855: Exposure of Sensitive Information to an Unauthorized
       Actor vulnerability in Erlang OTP ssh application (ssh_sftpd module).
     - Fix CVE-2026-48856: Sensitive Data Exposure vulnerability in Erlang OTP
       inets application (httpc_response module).
     - Fix CVE-2026-48858: Server-Side Request Forgery (SSRF) vulnerability in
       Erlang/OTP ftp application (ftp_internal module).
     - Fix CVE-2026-48859: Observable Timing Discrepancy vulnerability in
       Erlang/OTP ssh application (ssh_auth, ssh_options modules).
     - Fix CVE-2026-48860: Reliance on IP Address for Authentication
       vulnerability in Erlang/OTP ssl application (inet_tls_dist module).
     - Fix CVE-2026-49759: Stack-based Buffer Overflow vulnerability in Erlang
       OTP erts (inet_drv).
     - Fix CVE-2026-49760: Stack-based Buffer Overflow vulnerability in Erlang
       OTP (erl_interface).
     Closes: #1139727, #1139823.
   * Drop dependencies of erlang-jinterface on java1-runtime-headless,
     java1-runtime because they don't exist anymore.
   * Drop providing erlang-pcre by erlang-base because it is not used by
     any package and is not necessary anymore.
   * Promote libsctp1 from recommends to depends because erl now emits a
     warning if it cannot find the libsctp library, which make some packages
     that build depend on Erlang FTBFS.
   * Add a patch which fixes enabling build of odbcserver.
   * Add pkgconf and libglib2.0-dev to the build dependencies for erlang-wx.
   * Refine interdependencies of the binary packages.
   * Use the default build flags (closes: #1124853).
   * Clean up the code which stops epmd on erlang-base removal/upgrade.
   * Do more thorough cleanup after building the package (closes: #1045018).
   * Fix debian/watch to sort upstream version 29.0 after 29.0-rc3.
   * Fix collecting examples which are now installed along with the
     documentation, make links to them in the erlang-doc package.
   * Switch from ronn to the internal manpage generation escript for
     generating manpages in section 1.
   * Add symlink /usr/lib/erlang/man to the Erlang manpages in the erlang-doc
     package.
   * Compress manpages in the erlang-doc package.
   * Use -n option for gzip when compressing manpages for reproducibility.
   * Do not remove id from the EPUB contents files in docs, just replace it
     by a deterministic value.
   * Replace echo by printf in the makefile for generating docs because
     sometimes echo "\n" prints literal \n for reproducibility.
   * Move HTML and EPUB docs directly to the /usr/share/doc/erlang-doc
     directory.
   * Respect SOURCE_DATE_EPOCH when generating footers of HTML docs for
     reproducibility.
Checksums-Sha1:
 b0494f5c21cb7ecbc9e54ede7bbd342548288ef6 5002 erlang_29.0.2+dfsg-1.dsc
 2199eb78fd3f51eaa690e38a1467873683a04456 49253348 erlang_29.0.2+dfsg.orig.tar.xz
 57531eb6509af98678d84a85ee5b40f782d3b667 61932 erlang_29.0.2+dfsg-1.debian.tar.xz
 e4ddd32871955ef3c0341672d3cf1c7477992ddd 32569 erlang_29.0.2+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 b1ac5e8c01b6f7828fe7283492a2d4201a58bce158c3b12268b2302d4d87d0b5 5002 erlang_29.0.2+dfsg-1.dsc
 14c1277b6ac0c6940952d253389dc04b1bf129c30a77567d99c99c9d5592eb42 49253348 erlang_29.0.2+dfsg.orig.tar.xz
 bf585df968de5f14d5fdf163b8b45011a454549d2f159c38eab13812f65a8141 61932 erlang_29.0.2+dfsg-1.debian.tar.xz
 62c4631305af5e752b9a04f845ca2da5e5cd417ceb3591134cbe50da27a576ea 32569 erlang_29.0.2+dfsg-1_amd64.buildinfo
Files:
 a9202e0fd46291c6001632880d373ec3 5002 interpreters optional erlang_29.0.2+dfsg-1.dsc
 6dd10e3f187393805df50ec099f3f158 49253348 interpreters optional erlang_29.0.2+dfsg.orig.tar.xz
 4fdbf975ed79957231f6b11987d3ae5d 61932 interpreters optional erlang_29.0.2+dfsg-1.debian.tar.xz
 7174d95200c893b3e5f7d12f2c53fc5b 32569 interpreters optional erlang_29.0.2+dfsg-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/SYPsyDB+ShSnvc4Tyrk60tj54cFAmosSVQACgkQTyrk60tj
54eE3hAAv1aMx0iOdUogBWWqwa4vs6mQvKCkTE5D0q1pq3s4LuMbeyHjel92A/lW
cWN1Q+XyZiyxvt26F5HNkY8q7W0AiNj1Y9C26cjENHew2ysUXzmQT5SxeUir/2A7
rUA62M4eT9RYZTM5DW9iRBILMlDogqDGE03RIF/4ltFYofBwkJhDW9Cn11PjNqqx
PWGn0UyBT0qD1VQXnH7fJUumAoJc2SEXASuMdnJboWyb1qDNvkGhk/LrjF4L34N1
ybgVBsMkmXn7/oypPtPGFMpB4adqUdXcfpxYfW0jhpb0tIuUDJn1gqcM17Cxi7HE
zXfIJ9MhFYz+rQ59f/MEQen0L7/u1JIhGO3sq25f+L4DeQEG9ofzW4gvI+cyTzir
cN0PB7W3qdgqlVe0bwvKAMFaI5Otg6OJIz3mkry5Ar4CaxKHEXaWO9MvoWmm0DjD
dzZlIpnZ0qPTQ3nwopXlEpekgVIVK+Ice8wRPIxBJJDoA56mAU9a45QRz+vphUMT
H5BXSp1mgXz+PuUpu35sLeQNHEX12f40dJ14j+OopgpkU52UjOidh2Z2rXD9UgUB
7C5n1VehFmebFKla127IamcbFxTIer7wlXKdopUk9wb/Obrwc9dUYoJorRZYcbBk
NKkSSZL550xYngOq2y6mP/vnSSncViqc1XuPmQYn4cMuQ96ljjg=
=SxVz
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-erlang-devel/attachments/20260612/aa6f5b90/attachment.sig>

More information about the Pkg-erlang-devel mailing list