Format: 1.8
Date: Mon, 18 May 2026 16:57:14 -0300
Source: erlang
Architecture: source
Version: 1:23.2.6+dfsg-1+deb11u4
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org>
Changed-By: Lucas Kanashiro <kanashiro@debian.org>
Changes:
 erlang (1:23.2.6+dfsg-1+deb11u4) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2026-23941. Inconsistent Interpretation of HTTP Requests
     ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd
     module) allows HTTP Request Smuggling.
     - d/p/CVE-2026-23941.patch
   * Fix CVE-2026-23942. Improper Limitation of a Pathname to a Restricted
     Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd
     module) allows Path Traversal.
     - d/p/CVE-2026-23942.patch
   * Fix CVE-2026-23943. Improper Handling of Highly Compressed Data
     (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport
     modules) allows Denial of Service via Resource Depletion.
     - d/p/CVE-2026-23943.patch
   * Fix CVE-2026-21620. Insufficient path sanitizing in tftp_file module
     - d/p/CVE-2026-21620.patch