-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 08 Jul 2025 10:27:28 +0300 Source: erlang Architecture: source Version: 1:27.3.4.1+dfsg-1+deb13u1 Distribution: trixie Urgency: medium Maintainer: Debian Erlang Packagers Changed-By: Sergei Golovan Closes: 1115086 1115090 1115091 1115092 1115093 Changes: erlang (1:27.3.4.1+dfsg-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-48038: allocation of resources without limits or throttling vulnerability in the ssh_sftp module allows excessive allocation, resource leak exposure (closes: #1115093). * Fix CVE-2025-48039: allocation of resources without limits or throttling vulnerability in the ssh_sftp module allows excessive allocation, resource leak exposure (closes: #1115092). * Fix CVE-2025-48040: uncontrolled resource consumption vulnerability in the ssh_sftp module allows excessive allocation, flooding (closes: 1115091). * Fix CVE-2025-48041: allocation of resources without limits or throttling vulnerability in the ssh_sftp module allows excessive allocation, flooding (closes: #1115090). * Fix CVE-2016-1000107: inets does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable (closes: #1115086). Checksums-Sha1: 5489fe8039263fc5b9573f6a173c13a7113ec45e 5072 erlang_27.3.4.1+dfsg-1+deb13u1.dsc e688433e785157dfb2248610978346d4877f692a 68188 erlang_27.3.4.1+dfsg-1+deb13u1.debian.tar.xz Checksums-Sha256: 6397baa62091fa2f90e9ceb2db6f185ddc2de9d53d3e7e49aae759eaa010a196 5072 erlang_27.3.4.1+dfsg-1+deb13u1.dsc 985cb845ebb72538ddbbaf0947644e4267cd36b49860bdda3f88ecd8f3866bb9 68188 erlang_27.3.4.1+dfsg-1+deb13u1.debian.tar.xz Files: cb0e5b5312fc4865b69bd260d61f96bc 5072 interpreters optional erlang_27.3.4.1+dfsg-1+deb13u1.dsc a00764d9a66384f698ad1f5a30d9df5d 68188 interpreters optional erlang_27.3.4.1+dfsg-1+deb13u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc7KZy9TurdzAF+h6W//cwljmlDMFAmmkUUkACgkQW//cwljm lDPQ/RAAm0dhsCTCJXSQITUymD9KBxPdfXMJkFoP2b+8RcEZSQ18A08IjL3lGQqa 0talPoaNbzn1mxh0eiAAsX0s0HkJ8uMYGkCYYD+6CI9v05VR8UFHEZwR+0EG8ry7 TvGVGHtRrvMiObj1Y5b5nzockiEFk8L+vRHJGoXYONmprhGKnJXzUmwfnoRLSe5m g/pDjJn0nP1fchrklYbzwlyvQaVSqgkGhfhSoGrLm8c3SrEz4dd35JsY/LuyafCr L+ArmDF1tUSIzJYEaA9BA+Ei0qNgNbBvr0IFL4Mu0UMHB7V11yank6es2riRbRf8 Kxx+TIfad3i8J4ycsioWmjCoatrbLUWfUD+5PE+fMrDuRPwhR7l/MYthKZhxdkVU r3l7caET7hHy3Iqw3D693MDrdwwzAkp3qMGoL42qb1MHemkPiaJ0j5sjxiJQm1Wy AbSABhki9Ek76OJZY/30Wx8A1gFh5wWd+MxtwbdGOhI4dkLJuQ9bpB/wRbeoU7lh NmcbPqwYqF2EWpdaQMiVr0dHyVx8QyK6iXF9LjDCwoxWHAj+NQ8rJuBJ/XqVFlCy LRKZoMgONKk8d2OBebBrZCc83pazZcT4Mw9qhfmckkqPGyZGWeQySUMY72SnPlck tp0uoG0Xjji5bk8bTxGz6JBS0kL9vhEyUzBpfTGNehYZGLKmfJE= =njpu -----END PGP SIGNATURE-----