-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 16 Oct 2025 19:46:29 +0200
Source: erlang
Architecture: source
Version: 1:23.2.6+dfsg-1+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Erlang Packagers <[email protected]>
Changed-By: Jochen Sprickerhof <[email protected]>
Changes:
 erlang (1:23.2.6+dfsg-1+deb11u3) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2025-4748: Improper Limitation of a Pathname to a Restricted Directory
     ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows
     Absolute Path Traversal, File Manipulation. This vulnerability is
     associated with program files lib/stdlib/src/zip.erl and program routines
     zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory
     option is passed.
   * CVE-2025-48038, CVE-2025-48039, CVE-2025-48041: Allocation of Resources
     Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp
     modules) allows Excessive Allocation, Resource Leak Exposure, Flooding.
     These vulnerabilities are associated with program files
     lib/ssh/src/ssh_sftpd.erl.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
