[Git][security-tracker-team/security-tracker][master] erlang DSA

Moritz Muehlenhoff (@jmm) Sun, 20 Apr 2025 02:27:24 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
48f5e799 by Moritz Mühlenhoff at 2025-04-20T11:18:47+02:00
erlang DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8501,7 +8501,6 @@ CVE-2025-30371 (Metabase is a business intelligence and 
embedded analytics tool.
        NOT-FOR-US: Metabase
 CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming 
language.  ...)
        - erlang 1:27.3.1+dfsg-1 (bug #1101713)
-       [bookworm] - erlang <no-dsa> (Minor issue)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
        NOTE: 
https://github.com/erlang/otp/commit/df3aad2c5570847895562ff96a725190571f028c 
(OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
        NOTE: 
https://github.com/erlang/otp/commit/655e20a49ef80431e86ffb6c7f366d01fd4b64c3 
(OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
@@ -22041,7 +22040,6 @@ CVE-2025-27091 (OpenH264 is a free license codec 
library which supports H.264 en
        NOTE: Fixed by: 
https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449
 (v2.6.0)
 CVE-2025-26618 (Erlang is a programming language and runtime system for 
building massi ...)
        - erlang 1:27.2.4+dfsg-1
-       [bookworm] - erlang <no-dsa> (Minor issue)
        [bullseye] - erlang <postponed> (Minor issue)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr
        NOTE: 
https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872 
(OTP-25.3.2.18, OTP-26.2.5.9, OTP-27.2.4)
@@ -140455,7 +140453,6 @@ CVE-2023-48795 (The SSH transport protocol with 
certain OpenSSH extensions, foun
        [bullseye] - dropbear 2020.81-3+deb11u1
        [buster] - dropbear <not-affected> (ChaCha20-Poly1305 support 
introduced in 2020.79; *-EtM not supported as of 2022.83)
        - erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
-       [bookworm] - erlang <no-dsa> (Minor issue)
        [bullseye] - erlang <no-dsa> (Minor issue)
        [buster] - erlang <no-dsa> (Minor issue)
        - filezilla 3.66.4-1


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Apr 2025] DSA-5906-1 erlang - security update
+       {CVE-2023-48795 CVE-2025-26618 CVE-2025-30211 CVE-2025-32433}
+       [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u1
 [17 Apr 2025] DSA-5905-1 graphicsmagick - security update
        {CVE-2025-27795 CVE-2025-32460}
        [bookworm] - graphicsmagick 1.4+really1.3.40-4+deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -14,9 +14,6 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 --
 commons-vfs (apo)
 --
-erlang
-  Maintainer is contacted for preparing an update
---
 frr
   coordination with the maintainer ongoing, Daniel Baumann proposing an update
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48f5e799ed17465b65c6b048daf3222e81d3f1c2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48f5e799ed17465b65c6b048daf3222e81d3f1c2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] erlang DSA

Reply via email to