| Release | Version |
|---|---|
| jessie | 1:17.3-dfsg-4+deb8u2 |
| stretch | 1:19.2.1+dfsg-2+really23.3.4.18-0+deb9u2 |
| stretch (security) | 1:19.2.1+dfsg-2+deb9u1 |
| buster | 1:22.2.7+dfsg-1+deb10u1 |
| bullseye | 1:23.2.6+dfsg-1+deb11u1 |
| bookworm | 1:25.2.3+dfsg-1 |
| trixie | 1:25.3.2.12+dfsg-3 |
| sid | 1:25.3.2.12+dfsg-3 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48795 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | The SSH transport protocol with certain OpenSSH extensions, found in O ... |
| CVE-2022-37026 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before ... |
| CVE-2020-12872 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ... |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1000107 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1 ... |
| CVE-2009-0130 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | lib/crypto/c_src/crypto_drv.c in erlang does not properly check the re ... |
| Bug | Description |
|---|---|
| CVE-2021-29221 | A local privilege escalation vulnerability was discovered in Erlang/OT ... |
| CVE-2020-35733 | An issue was discovered in Erlang/OTP before 23.2.2. The ssl applicati ... |
| CVE-2020-25733 | webTareas through 2.1 allows upload of the dangerous .exe and .shtml f ... |
| CVE-2020-25623 | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Director ... |
| CVE-2017-1000385 | The Erlang otp TLS server answers with different TLS alerts to differe ... |
| CVE-2016-10253 | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of com ... |
| CVE-2015-2774 | Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes w ... |
| CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ... |
| CVE-2014-1693 | Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OT ... |
| CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windo ... |
| CVE-2011-0766 | The random number generator in the Crypto application before 2.0.2.2, ... |
| DSA / DLA | Description |
|---|---|
| DLA-3491-1 | erlang - security update |
| ELA-754-1 | erlang - security update |
| DLA-1207-1 | erlang - security update |
| DSA-4057-1 | erlang - security update |