-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 04 Apr 2026 16:45:31 +0300
Source: erlang
Architecture: source
Version: 1:27.3.4.1+dfsg-1+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org>
Changed-By: Sergei Golovan <sgolovan@debian.org>
Closes: 1128651 1130912
Changes:
 erlang (1:27.3.4.1+dfsg-1+deb13u2) trixie; urgency=medium
 .
   [ Lucas Kanashiro ]
   * Fix CVE-2026-21620.
     Relative Path Traversal, Improper Isolation or Compartmentalization
     vulnerability in Erlang OTP (tftp_file modules). Closes: #1128651
   * Fix CVE-2026-23941.
     Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
     vulnerability in Erlang OTP (inets httpd module) allows HTTP Request
     Smuggling.
     - d/p/CVE-2026-23941.patch
   * Fix CVE-2026-23942.
     Improper Limitation of a Pathname to a Restricted Directory ('Path
     Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path
     Traversal.
     - d/p/CVE-2026-23942.patch
   * Fix CVE-2026-23943.
     Improper Handling of Highly Compressed Data (Compression Bomb)
     vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of
     Service via Resource Depletion.
     - d/p/CVE-2026-23943.patch
     Closes: #1130912
Checksums-Sha1:
 257dd81488b5a65ccf22b1dc6bc5edbe431a3a0f 4942 erlang_27.3.4.1+dfsg-1+deb13u2.dsc
 fd2fb83babb193080dde220b48cd747ecd34e9c1 81592 erlang_27.3.4.1+dfsg-1+deb13u2.debian.tar.xz
 009e5c3a9865f14dc8d1ed35385c14f745bc75a5 32187 erlang_27.3.4.1+dfsg-1+deb13u2_amd64.buildinfo
Checksums-Sha256:
 b4ea709dcf33f86d488ad2bf6301eb8c47c9adec68f4ea0a86eb1d779ef00c08 4942 erlang_27.3.4.1+dfsg-1+deb13u2.dsc
 6d8eb82e8667bdfec2c8acbb910fd5bbbee0b0fb81c198e830fb9c26767ff77c 81592 erlang_27.3.4.1+dfsg-1+deb13u2.debian.tar.xz
 8c6813a4d80310eafca9cec6463f7f70bab366f813d1e46cbcf7784fd92b194d 32187 erlang_27.3.4.1+dfsg-1+deb13u2_amd64.buildinfo
Files:
 c1940739194f0b92925659034a4cc1b7 4942 interpreters optional erlang_27.3.4.1+dfsg-1+deb13u2.dsc
 65f43668662b1c192620f6615ea67701 81592 interpreters optional erlang_27.3.4.1+dfsg-1+deb13u2.debian.tar.xz
 f14007a6d5a303ee50b04c9b9ee7b72d 32187 interpreters optional erlang_27.3.4.1+dfsg-1+deb13u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/SYPsyDB+ShSnvc4Tyrk60tj54cFAmnRF+QACgkQTyrk60tj
54cayA/6A3puUNhnpsYoUbRvufPT67BVJD/DxlicLRZYKON5leoaYGZJixKhVB2e
12f3E2srfPtTsYhYNlHc8+eFHpse/zaodcjShk+bAULRDn1qlLDTOuk/LCWZ+h9O
OXEHQeGOzNDwINcMlcO4+kQt75dETFCLKqS4kkchPfW7jQBVpwOV2paykafBiWPj
aVAWnD9xhKcVmklrPzpkZkCiXRaDdFVhdARIxoQjI5TVhw5G7JYAHcLl140mCJHB
mhiuYPMFXL3ZggUrgU3Njubs+bM8lBQtvRkg9zRnD+WGdcF7IRJSjEMqedid4zwi
XAxijL5oLYDscqT/eJZ/Iyvc5yMRw8Axfxc4/cVSysMxRkjnv3cWdjG4uLXmFRIQ
TrOXYWRJoNnovvM8yv5tOBRf5rBAyzIK5aJmUIqtYlvYCkA8kF5C6WObC65/2bIq
9ZQ5t/IMWGpjYO5MlNEAQgxY/aF4XgJ2Yd+cx5Kuuv8DG0WQmsIKrnLCTL9Fxi55
u65OntHekTaVwZ1L22D7A9++lrNiwj7bYd33e1BF0Lpsv2ksdl/97ksL31DWllu7
WXo7R/+WRvvsSKOnJimlDNLVZ2aj+v95yF8gxyRLQpNkfJzsHGrK6JyU30ZpffFp
ZKke9/5FRJMMYK1V6A3s5CEQA1xGfuKkDcW7SoZ+nyuOgYVmhJw=
=trvd
-----END PGP SIGNATURE-----