Debian Patches
Status for erlang/1:27.3.4.1+dfsg-1+deb13u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| clean.patch | clean.patch by Sergei Golovan <sgolovan@nes.ru> Erlang leaves many files after make clean. This patch contains a hack to remove them. | | no | | | |
| gnu.patch | (1) Defines GNU macros not only for Linux but also for any system with 'gnu' substring in OS name. Fixes FTBFS on GNU/kFreeBSD and GNU/Hurd. (2) Undefines BSD4_4 for os_mon application for GNU/Hurd; (3) Undefines AF_LINK for GNU/Hurd; (4) Switches some PATH_MAX occurrences to MAXPATHLEN; (5) Adds a workaround for 'erlc -M \| sed' being stuck for GNU/Hurd. | Pino Toscano <pino@debian.org> | no | | | |
| javascript.patch | Patch drops JavaScript libraries from the binary package. | Sergei Golovan | no | |||
| x32.patch | This patch fixes FTBFS for x86_x32 architecture (x86_64 with 32-bit integers, longs and pointers). | Sergei Golovan | no | |||
| doc.patch | Patch moves the command line syntax to a separate \`\`\` block, and fixes interpreting \| as table column separators. | Sergei Golovan | no | | | |
| exdoc.patch | Patch fixes FTBFS when using pbuilder. | Sergei Golovan | no | |||
| CVE-2016-1000107.patch | A mix of patches to fix CVE-2016-1000107 and to test for it. | Upstream (Marcel Lanz <marcellanz@n-1.ch> and Konrad Pietrzak <konrad@erlang.org>) | yes | debian upstream | | 2025-09-18 |
| CVE-2025-48038.patch | ssh: verify file handle size limit for client data - reject handles exceeding 256 bytes (as specified for SFTP) - fixes CVE-2025-48038 | Upstream (Jakub Witczak <kuba@erlang.org>) | no | | | 2025-08-27 |
| CVE-2025-48039.patch | ssh: ssh_sftpd verify path size for client data - reject max_path exceeding the 4096 limit or according to other option value - fix CVE-2025-48039 | Upstream (Jakub Witczak <kuba@erlang.org>) | no | | | 2025-07-11 |
| CVE-2025-48040.patch | ssh: key exchange robustness improvements - reduce untrusted data processing for non-debug logs - trim badmatch exceptions to avoid processing potentially malicious data - terminate with kexinit_error when too many algorithms are received in KEX init message | Jakub Witczak <kuba@erlang.org> | no | | backport, https://github.com/erlang/otp/commit/7cd7abb7e19e16b027eaee6a54e1f6fbbe21181a | 2025-08-20 |
| CVE-2025-48041.patch | ssh: max_handles option added to ssh_sftpd - add max_handles option and update tests (1000 by default) - remove sshd_read_file redundant testcase | Jakub Witczak <kuba@erlang.org> | no | | backport, https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288 | 2025-08-20 |
| CVE-2026-21620.patch | Merge branch 'raimo/tftp/path-traversal-27/OTP-19981' into maint-27 * raimo/tftp/path-traversal-27/OTP-19981: Fix typos Fix old timing sensitive test case Document security considerations Fix old timing sensitive test case Test option root_dir Rewrite old style catch Validate initial options More info about this CVE: https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp | Erlang/OTP <otp@erlang.org> | no | debian | upstream, https://github.com/erlang/otp/commit/3970738f687325138eb75f798054fa8960ac354e | 2026-02-19 |
| CVE-2026-23941.patch | Merge branch 'whaileee/inets/httpd/http-request-smuggling/OTP-20007' into maint-27 * whaileee/inets/httpd/http-request-smuggling/OTP-20007: Prevent httpd from parsing HTTP requests when multiple Content-Length headers are present | Erlang/OTP <otp@erlang.org> | no | debian | upstream, https://github.com/erlang/otp/commit/a761d391d8d08316cbd7d4a86733ba932b73c45b | 2026-03-12 |
| CVE-2026-23942.patch | Merge branch 'kuba/maint-27/ssh/sftp_path/OTP-20009' into maint-27 * kuba/maint-27/ssh/sftp_path/OTP-20009: ssh: Fix path traversal vulnerability in ssh_sftpd root directory validation | Erlang/OTP <otp@erlang.org> | no | debian | upstream, https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28 | 2026-03-12 |
| CVE-2026-23943.patch | Merge branch 'michal/maint-27/ssh/fix-unbounded-zlib-inflate/OTP-20011' into maint-27 * michal/maint-27/ssh/fix-unbounded-zlib-inflate/OTP-20011: Add test for post-authentication compression Add information about compression-based attacks to hardening guide Adjust documentation to mention that zlib is disabled by default Add tests that verify we disconnect on too large decompressed data Always run compression test Disable zlib by default and limit size of decompressed data | Erlang/OTP <otp@erlang.org> | no | debian | upstream, https://github.com/erlang/otp/commit/93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3 | 2026-03-12 |
All known versions for source package 'erlang'
- 1:29.0~rc3+dfsg-2 (experimental)
- 1:27.3.4.11+dfsg-2 (sid)
- 1:27.3.4.11+dfsg-1 (forky)
- 1:27.3.4.1+dfsg-1+deb13u2 (trixie-proposed-updates)
- 1:27.3.4.1+dfsg-1+deb13u1 (trixie)
- 1:25.2.3+dfsg-1+deb12u4 (bookworm-proposed-updates)
- 1:25.2.3+dfsg-1+deb12u3 (bookworm)
- 1:25.2.3+dfsg-1+deb12u1 (bookworm-security)
