erlang (1:28.0.4+dfsg-1) [PTS] [DDPO]

OLD: VCS is behind the version in the archive: 1:27.3.4.3+dfsg-1 < 1:28.0.4+dfsg-1.

Git: https://salsa.debian.org/erlang-team/packages/erlang.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Repo size: 14168064
Browser: https://salsa.debian.org/erlang-team/packages/erlang
Last scan: 2025-10-20 09:28:07+00
Next scan: 2025-10-28 12:51:00+00
Merge requests: 3

Debian changelog in Git:

erlang (1:27.3.4.3+dfsg-1) unstable; urgency=medium

  * New upstream release.
  * Fix CVE-2025-48038: allocation of resources without limits or throttling
    vulnerability in the ssh_sftp module allows excessive allocation,
    resource leak exposure (closes: #1115093).
  * Fix CVE-2025-48039: allocation of resources without limits or throttling
    vulnerability in the ssh_sftp module allows excessive allocation,
    resource leak exposure (closes: #1115092).
  * Fix CVE-2025-48040: uncontrolled resource consumption vulnerability in
    the ssh_sftp module allows excessive allocation, flooding (closes: 1115091).
  * Fix CVE-2025-48041: allocation of resources without limits or throttling
    vulnerability in the ssh_sftp module allows excessive allocation,
    flooding (closes: #1115090).
  * Fix CVE-2016-1000107: inets does not protect applications from the presence
    of untrusted client data in the HTTP_PROXY environment variable
    (closes: #1115086).

 -- Sergei Golovan <sgolovan@debian.org>  Mon, 15 Sep 2025 18:42:37 +0300

This branch is even with tag debian/1%27.3.4.3+dfsg-1