Hi, Adam!

On Mon, Aug 25, 2025 at 4:19 PM Adam D. Barratt <[email protected]> wrote:
>
> On Thu, 2025-06-26 at 13:34 +0300, Sergei Golovan wrote:
> > I would like to amend the erlang/1:25.2.3+dfsg-1+deb12u2 with
> > additional patch which fixes CVE-2025-4748 (insufficient sanitizing
> > of filepaths when extracting files from archives, see [1]). I'm
> > attaching the patch itself and a cumulative difference to
> > erlang/1:25.2.3+dfsg-1+deb12u1 which is currently in Debian stable.
>
> Unfortunately the arch:all build is failing, with a run of errors of
> the form:
>
> error : xmlAddEntity: invalid redeclaration of predefined entity
> error : xmlAddEntity: invalid redeclaration of predefined entity
> runtime error: file
> /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl
> line 795 element variable
> XSLT-variable: Redefinition of variable 'cval'.
> runtime error: file
> /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl
> line 796 element variable
> XSLT-variable: Redefinition of variable 'link_cval'.
> runtime error: file
> /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl
> line 795 element variable
> XSLT-variable: Redefinition of variable 'cval'.
> runtime error: file
> /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl
> line 796 element variable
> XSLT-variable: Redefinition of variable 'link_cval'.

I'll see what I can do. This bug never happened to the package before.

Cheers!
--
Sergei Golovan

