Package: release.debian.org
Severity: normal
X-Debbugs-Cc: erl...@packages.debian.org, t...@security.debian.org, Sergei Golovan <sgolo...@debian.org>, car...@debian.org
Control: affects -1 + src:erlang
User: release.debian....@packages.debian.org
Usertags: unblock

Hi release team,

[Note: not the maintainer here, but reaching out to you as a security team member]

erlang/1:27.3.3+dfsg-1 fixes a critical CVE, CVE-2025-32433, #1103442, in the Erlang/OTP SSH server allowing unauthenticated remote code execution. The upload to unstable contained more than that, and the fix is included in the new upstream version. The set of changes, though, is still limited, and I'm adding the maintainer here as well to X-Debbugs-CC to confirm.

https://github.com/erlang/otp/releases/tag/OTP-27.3.3

If you agree, please lower the required time for transition to testing to allow fixing CVE-2025-32433.

Regards,
Salvatore

erlang_27.3.3+dfsg-1.debdiff.xz
Description: application/xz