Source: erlang Version: 1:27.3.4.6+dfsg-1 Severity: important Tags: security upstream Forwarded: https://github.com/erlang/otp/pull/10706 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 1:27.3.4.1+dfsg-1 Control: found -1 1:25.2.3+dfsg-1 Control: found -1 1:25.2.3+dfsg-1+deb12u1 Control: found -1 1:25.2.3+dfsg-1+deb12u3
Hi, The following vulnerability was published for erlang. CVE-2026-21620[0]: | Relative Path Traversal, Improper Isolation or Compartmentalization | vulnerability in erlang otp erlang/otp (tftp_file modules), erlang | otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) | allows Relative Path Traversal. This vulnerability is associated | with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. | This issue affects otp: from 17.0, from | 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; | otp: from 1.0. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-21620 https://www.cve.org/CVERecord?id=CVE-2026-21620 [1] https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp [2] https://github.com/erlang/otp/pull/10706 [3] https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e [4] https://github.com/erlang/otp/commit/655fb95725ba2fb811740b57e106873833824344 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
