Bug#1105009: Acknowledgement (bookworm-pu: package erlang/1:25.2.3+dfsg-1+deb12u2)
On Thu, 2025-06-26 at 13:34 +0300, Sergei Golovan wrote:
> I would like to amend the erlang/1:25.2.3+dfsg-1+deb12u2 with
> additional patch which fixes CVE-2025-4748 (insufficient sanitizing
> of filepaths when extracting files from archives, see [1]). I'm
> attaching the patch itself and a cumulative difference to
> erlang/1:25.2.3+dfsg-1+deb12u1 which is currently in Debian stable.
Unfortunately the arch:all build is failing, with a run of errors of
the form:
error : xmlAddEntity: invalid redeclaration of predefined entity
error : xmlAddEntity: invalid redeclaration of predefined entity
runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 795 element variable
XSLT-variable: Redefinition of variable 'cval'.
runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 796 element variable
XSLT-variable: Redefinition of variable 'link_cval'.
runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 795 element variable
XSLT-variable: Redefinition of variable 'cval'.
runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 796 element variable
XSLT-variable: Redefinition of variable 'link_cval'.
Regards,
Adam
Reply to: