CVE-2022-37026 (https://github.com/erlang/otp/compare/OTP-23.3.4.14...OTP-23.3.4.15):
https://erlangforums.com/c/erlang-news-announcements/91
https://erlangforums.com/t/otp-25-1-released/1854
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
Please stabilize 24.3.4.2
Thanks! Please cleanup
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ccbd3cc6cd04468bfced25feefd02b1b7a66caa6
commit ccbd3cc6cd04468bfced25feefd02b1b7a66caa6
Author: Matthew Smith <matthew@gentoo.org>
AuthorDate: 2022-09-25 08:42:42 +0000
Commit: Matthew Smith <matthew@gentoo.org>
CommitDate: 2022-09-25 08:46:31 +0000
    dev-lang/erlang: drop 24.3.3-r1, security cleanup
    Bug: https://bugs.gentoo.org/872272
    Signed-off-by: Matthew Smith <matthew@gentoo.org>
 dev-lang/erlang/Manifest | 1 -
 dev-lang/erlang/erlang-24.3.3-r1.ebuild | 162 --------------------------------
 2 files changed, 163 deletions(-)
Thank you! I'm not really sure what to make of the impact here, do you think it needs a GLSA?