-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 04 Apr 2026 16:45:31 +0300 Source: erlang Binary: erlang erlang-doc erlang-examples erlang-jinterface erlang-mode erlang-nox erlang-src erlang-x11 Architecture: all Version: 1:27.3.4.1+dfsg-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Sergei Golovan Description: erlang - Concurrent, real-time, distributed functional language erlang-doc - Erlang/OTP HTML documentation erlang-examples - Erlang/OTP application examples erlang-jinterface - Java communication tool to Erlang erlang-mode - Erlang major editing mode for Emacs erlang-nox - Erlang/OTP applications that don't require X Window System erlang-src - Erlang/OTP applications sources erlang-x11 - Erlang/OTP applications that require X Window System Closes: 1128651 1130912 Changes: erlang (1:27.3.4.1+dfsg-1+deb13u2) trixie; urgency=medium . [ Lucas Kanashiro ] * Fix CVE-2026-21620. Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in Erlang OTP (tftp_file modules). Closes: #1128651 * Fix CVE-2026-23941. Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. - d/p/CVE-2026-23941.patch * Fix CVE-2026-23942. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. - d/p/CVE-2026-23942.patch * Fix CVE-2026-23943. Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. - d/p/CVE-2026-23943.patch Closes: #1130912 Checksums-Sha1: 622aee81e4287b95f4dccf2923c049d1f533667d 16819500 erlang-doc_27.3.4.1+dfsg-1+deb13u2_all.deb 6da0d12e63e0bdc3803c9c4ca57331f590009b8e 963564 erlang-examples_27.3.4.1+dfsg-1+deb13u2_all.deb 42e7dbf71e61ea6fb83984071884774362234242 114448 erlang-jinterface_27.3.4.1+dfsg-1+deb13u2_all.deb 5b685a831d3f6eda9902847620ed1983a196c205 94164 erlang-mode_27.3.4.1+dfsg-1+deb13u2_all.deb 5331d1b01383330fec00ed03a5df260a2aa90e1c 15780 erlang-nox_27.3.4.1+dfsg-1+deb13u2_all.deb c2008f2780348415be1b2dd47078df2c5aa5acfb 6115200 erlang-src_27.3.4.1+dfsg-1+deb13u2_all.deb 320cb7951f766766fc3cf70475426376cec230c1 15740 erlang-x11_27.3.4.1+dfsg-1+deb13u2_all.deb a399b878966647da2cd8cd49d8e9e0b475a5e23a 18571 erlang_27.3.4.1+dfsg-1+deb13u2_all-buildd.buildinfo f2aa534cc1e3771ccbf298ad52b59d58f067b525 16136 erlang_27.3.4.1+dfsg-1+deb13u2_all.deb Checksums-Sha256: 93b1ef9c0ecf3da16a1d25ce3f513d8baea72aa5ed233ba2b5adba8f2a9be46f 16819500 erlang-doc_27.3.4.1+dfsg-1+deb13u2_all.deb 0831d564f5dffa37cea36394a0a5bb874f4a23b03f4f2513df8d210dfd6663ef 963564 erlang-examples_27.3.4.1+dfsg-1+deb13u2_all.deb 5934091bbd69c2937c0a613fea79beda835371e7259bcb7584d54ff1045e1e3d 114448 erlang-jinterface_27.3.4.1+dfsg-1+deb13u2_all.deb a3d79f193c0baa8f262704dffe0ffbe27d904b10acdfb0385c6a32768bb3842f 94164 erlang-mode_27.3.4.1+dfsg-1+deb13u2_all.deb 8248fc780828b0ba01b11b0b3d008863c7bd0dc6aa7aee868548261db39e2275 15780 erlang-nox_27.3.4.1+dfsg-1+deb13u2_all.deb 76cc9b988d041955617a192e4949a9e193c67bf73d1686b9fe83f3a09e22b88b 6115200 erlang-src_27.3.4.1+dfsg-1+deb13u2_all.deb 659deb648decb13b54a5abab7f75cec5fc44c054967139afe21382bb183e872e 15740 erlang-x11_27.3.4.1+dfsg-1+deb13u2_all.deb 08083f0285b6310ab4f826307b4adffda9f073f5f9a1299d5d623df2eb3371f4 18571 erlang_27.3.4.1+dfsg-1+deb13u2_all-buildd.buildinfo 674058d6ad51d4fa7fa76e5c346cf21be2fb7bc7286a2b97d4bcb16813f8a64e 16136 erlang_27.3.4.1+dfsg-1+deb13u2_all.deb Files: 4a7502ed08ed124f57f70ff36ec769ca 16819500 doc optional erlang-doc_27.3.4.1+dfsg-1+deb13u2_all.deb 89c00058ec8f74d7d39ad0bff20d25b4 963564 interpreters optional erlang-examples_27.3.4.1+dfsg-1+deb13u2_all.deb d1bc83d486360e385806e10caa4b4477 114448 interpreters optional erlang-jinterface_27.3.4.1+dfsg-1+deb13u2_all.deb 913fb564cd2a91099234dbc96aff5a79 94164 interpreters optional erlang-mode_27.3.4.1+dfsg-1+deb13u2_all.deb 8f380afc931f395907270def57addf8a 15780 interpreters optional erlang-nox_27.3.4.1+dfsg-1+deb13u2_all.deb cbb69535b749d68f49ebf4783e400c8e 6115200 interpreters optional erlang-src_27.3.4.1+dfsg-1+deb13u2_all.deb 2a70d6a508ae25874ec7de9d5ab5774e 15740 interpreters optional erlang-x11_27.3.4.1+dfsg-1+deb13u2_all.deb 0bc0e699155522ad299a7ea73b8fdad0 18571 interpreters optional erlang_27.3.4.1+dfsg-1+deb13u2_all-buildd.buildinfo 9adb8214bdf7bd3d2677afead729339a 16136 interpreters optional erlang_27.3.4.1+dfsg-1+deb13u2_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmn2WzcACgkQmgPNRvTf /zeT4BAAo/UyzbDghgglm+fOFmoftyPR5xW7mEnBgERKHwvZoIilHUrVh/tn9Bwj 4ZoFyl4+1XLXgfB7h4G1uBkCQM15dKU4FHI3jRvBy1+OfbwWleEolKgduJAVVyBp N9dYz+lI8isFWFl/2uqbbir+hWaHlBdTkNOB82Vw+Uu6ATgd+z8tl9N9pExgVAxM BcofP3ywgz6nzoevjRII8DgLppxbRoNYmc06zl9PQyJcTGa0+5uCd6WbXgaPIxuY Iwqhsk4BtDeBTYNxWsnqAclR09RHevCOLjCfmf8ryQjYlRBCXd4h0CdxSuahgB/q pbWDTxcLVMmVZE3KSBcJyJYjpvCTMeA2p96crL3iPvvY1KNULDwcuQ6/JvKa0w2v eHoYbORzGOOVCFsa9meafgZUfrzc0kfbVEKI04+3KJEZ2PsEexYFBnnbl0TeHeax 0dV3Q3B3Sm4RGNiCQVNgBMLyM2n8Lb6IipcHB4YG5V1PKOn6tRFvYDsGEjvEeXfl gDW1L+ENVZcfc51w0z83TvgUM3Jetac5PvZGVspo5GfkAOj2rtPqCphmLAdqi3Wk sQl9C8ibJb+gmwPYwMKrMCZ+8pGLpiB5NydWYcCT9KSOZz71fxAYlHXetRaweI1K ClEc9u6DgNAOjXkaXQergtVuLzouFHl5+Ji7U9Lux6CteR1POHs= =owou -----END PGP SIGNATURE-----