Bug#1105009: Acknowledgement (bookworm-pu: package erlang/1:25.2.3+dfsg-1+deb12u2)
Hi, Adam!
On Mon, Aug 25, 2025 at 4:19 PM Adam D. Barratt
<adam@adam-barratt.org.uk> wrote:
>
> On Thu, 2025-06-26 at 13:34 +0300, Sergei Golovan wrote:
> > I would like to amend the erlang/1:25.2.3+dfsg-1+deb12u2 with
> > additional patch which fixes CVE-2025-4748 (insufficient sanitizing
> > of filepaths when extracting files from archives, see [1]). I'm
> > attaching the patch itself and a cumulative difference to
> > erlang/1:25.2.3+dfsg-1+deb12u1 which is currently in Debian stable.
>
> Unfortunately the arch:all build is failing, with a run of errors of
> the form:
>
> error : xmlAddEntity: invalid redeclaration of predefined entity
> error : xmlAddEntity: invalid redeclaration of predefined entity
> runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 795 element variable
> XSLT-variable: Redefinition of variable 'cval'.
> runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 796 element variable
> XSLT-variable: Redefinition of variable 'link_cval'.
> runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 795 element variable
> XSLT-variable: Redefinition of variable 'cval'.
> runtime error: file /build/reproducible-path/erlang-25.2.3+dfsg/bootstrap/lib/erl_docgen/priv/xsl/db_html.xsl line 796 element variable
> XSLT-variable: Redefinition of variable 'link_cval'.
I'll see what I can do. This bug never happened to the package before.
Cheers!
--
Sergei Golovan
Reply to: