CVE-2020-25623: Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. Cleanup appears to be partially addressed by bug 740894, otherwise we need to stabilize a fixed version. Maintainers, please call for stabilization when ready.
(Shifting the blocker because it'll be a pain for stabilisation). Maintainer: ping. ready?
(In reply to Sam James from comment #1)
> (Shifting the blocker because it'll be a pain for stabilisation).
>
> Maintainer: ping. ready?

It was since done in bug 753464. Please clean up.
Unable to check for sanity:
> no match for package: dev-lang/erlang-23.1.1
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f06f1d7a8d16f0c9730128c56f2a8e22e88b42a3

commit f06f1d7a8d16f0c9730128c56f2a8e22e88b42a3
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2021-04-28 18:16:02 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2021-04-28 18:16:23 +0000

    dev-lang/erlang: drop old

    Bug: https://bugs.gentoo.org/749345
    Bug: https://bugs.gentoo.org/765796
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 dev-lang/erlang/Manifest             |   3 -
 dev-lang/erlang/erlang-23.0.4.ebuild | 158 -----------------------------------
 2 files changed, 161 deletions(-)
GLSA request filed.
Package list is empty or all packages have requested keywords.
Affected versions no longer in tree.