On Thu, 2025-06-26 at 13:34 +0300, Sergei Golovan wrote: > I would like to amend the erlang/1:25.2.3+dfsg-1+deb12u2 with > additional patch which fixes CVE-2025-4748 (insufficient sanitizing > of filepaths when extracting files from archives, see [1]). I'm > attaching the patch itself and a cumulative difference to > erlang/1:25.2.3+dfsg-1+deb12u1 which is currently in Debian stable.
Unfortunately the arch:all build is failing, with a run of errors of the form: error : xmlAddEntity: invalid redeclaration of predefined entity error : xmlAddEntity: invalid redeclaration of predefined entity runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 795 element variable XSLT-variable: Redefinition of variable 'cval'. runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 796 element variable XSLT-variable: Redefinition of variable 'link_cval'. runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 795 element variable XSLT-variable: Redefinition of variable 'cval'. runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 796 element variable XSLT-variable: Redefinition of variable 'link_cval'. Regards, Adam
