Bug 27769

Summary: erlang security update CVE-2020-25623
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-25623
Whiteboard:
Source RPM: erlang-21.3.8.5-5.mga8.src.rpm CVE: CVE-2020-25623
Status comment:

Description Zombie Ryushu 2020-12-06 23:06:12 CET 
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
Zombie Ryushu 2020-12-06 23:06:31 CET

CVE: (none) => CVE-2020-25623

Comment 1 David Walser 2020-12-06 23:11:51 CET 
Issue introduced 22.3.1:
https://www.erlang.org/news

Status: NEW => RESOLVED
Resolution: (none) => INVALID