Format: 1.8
Date: Tue, 07 Apr 2026 13:54:55 +0300
Source: erlang
Binary: erlang erlang-doc erlang-examples erlang-jinterface erlang-manpages erlang-mode erlang-nox erlang-src erlang-x11
Architecture: all
Version: 1:25.2.3+dfsg-1+deb12u4
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Sergei Golovan
Description:
 erlang - Concurrent, real-time, distributed functional language
 erlang-doc - Erlang/OTP HTML/PDF documentation
 erlang-examples - Erlang/OTP application examples
 erlang-jinterface - Java communication tool to Erlang
 erlang-manpages - Erlang/OTP manual pages
 erlang-mode - Erlang major editing mode for Emacs
 erlang-nox - Erlang/OTP applications that don't require X Window System
 erlang-src - Erlang/OTP applications sources
 erlang-x11 - Erlang/OTP applications that require X Window System
Closes: 1115090 1115091 1115092 1115093 1128651 1130912
Changes:
 erlang (1:25.2.3+dfsg-1+deb12u4) bookworm; urgency=medium
 .
   [ Jochen Sprickerhof ]
   * Add salsa-ci
   * Add gbp.conf. Needed to reproduce the orig.tar with empty directories.
   * Fix CVE-2025-48038: allocation of resources without limits or throttling
     vulnerability in the ssh_sftp module allows excessive allocation,
     resource leak exposure (closes: #1115093).
   * Fix CVE-2025-48039: allocation of resources without limits or throttling
     vulnerability in the ssh_sftp module allows excessive allocation,
     resource leak exposure (closes: #1115092).
   * Fix CVE-2025-48040: uncontrolled resource consumption vulnerability
     in the ssh_sftp module allows excessive allocation, flooding
     (closes: 1115091).
   * Fix CVE-2025-48041: allocation of resources without limits or throttling
     vulnerability in the ssh_sftp module allows excessive allocation,
     flooding (closes: #1115090).
 .
   [ Lucas Kanashiro ]
   * Fix CVE-2026-23941. Inconsistent Interpretation of HTTP Requests
     ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd
     module) allows HTTP Request Smuggling.
   * Fix CVE-2026-23942. Improper Limitation of a Pathname to a Restricted
     Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd
     module) allows Path Traversal.
   * Fix CVE-2026-23943. Improper Handling of Highly Compressed Data
     (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport
     modules) allows Denial of Service via Resource Depletion.
     Closes: #1130912.
 .
   [ Sergei Golovan ]
   * Fix CVE-2026-21620. Relative Path Traversal, Improper Isolation or
     Compartmentalization vulnerability in Erlang/OTP (tftp_file modules)
     (closes: 1128651).