-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 16 Oct 2025 19:46:29 +0200
Source: erlang
Architecture: source
Version: 1:23.2.6+dfsg-1+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org>
Changed-By: Jochen Sprickerhof <jspricke@debian.org>
Changes:
 erlang (1:23.2.6+dfsg-1+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2025-4748: Improper Limitation of a Pathname to a Restricted Directory
     ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows
     Absolute Path Traversal, File Manipulation. This vulnerability is
     associated with program files lib/stdlib/src/zip.erl and program routines
     zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory
     option is passed.
   * CVE-2025-48038, CVE-2025-48039, CVE-2025-48041: Allocation of Resources
     Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp
     modules) allows Excessive Allocation, Resource Leak Exposure, Flooding.
     These vulnerabilities are associated with program files
     lib/ssh/src/ssh_sftpd.erl.
Checksums-Sha1:
 f5ae65ae1546a9f6fff9e341086128a47d40861e 5137 erlang_23.2.6+dfsg-1+deb11u3.dsc
 20483e8ae60e54e0d52e9ba8652aaaa36e3b6fa6 89236 erlang_23.2.6+dfsg-1+deb11u3.debian.tar.xz
 b3a6829e32978b325faf2e50c99448af07cc84fa 5999 erlang_23.2.6+dfsg-1+deb11u3_source.buildinfo
Checksums-Sha256:
 30fd67cdf8d22c22aea66f0d3a85ccc07d58f183bdfd6002f64b7f226e5c043f 5137 erlang_23.2.6+dfsg-1+deb11u3.dsc
 9ccf68953c55d201d3a548f5fb1684acabdbfe927148a5d320c53624d738fbdd 89236 erlang_23.2.6+dfsg-1+deb11u3.debian.tar.xz
 46bc804dbf8b1b4f45726c7a0509bdacd5b9a71b5cfb32694f34cba882b64ed5 5999 erlang_23.2.6+dfsg-1+deb11u3_source.buildinfo
Files:
 24b7c1cbbe8e4fcbc275b3833fdf01b7 5137 interpreters optional erlang_23.2.6+dfsg-1+deb11u3.dsc
 9333850908a973b5a826d2c2c4fc6998 89236 interpreters optional erlang_23.2.6+dfsg-1+deb11u3.debian.tar.xz
 cefbe295c1352a7a29460a6b1b2d0c05 5999 interpreters optional erlang_23.2.6+dfsg-1+deb11u3_source.buildinfo