Bug 1177354 (CVE-2020-25623) - VUL-0: CVE-2020-25623: erlang: Erlang/OTP: allows attackers to read arbitrary files via a crafted HTTP request
Summary: VUL-0: CVE-2020-25623: erlang: Erlang/OTP: allows attackers to read arbitrary...
Status: RESOLVED FIXED
Alias: CVE-2020-25623
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.3
Hardware: Other Other
: P3 - Medium : Minor (vote)
Target Milestone: ---
Assignee: Matwey Kornilov
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/268687/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-06 09:41 UTC by Robert Frohl
Modified: 2024-05-22 02:50 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Robert Frohl 2020-10-06 09:41:51 UTC 
only relevant for Tumbleweed/Factory
Comment 2 Matwey Kornilov 2020-10-06 10:25:26 UTC 
Update for Factory has been prepared in sr#839763

For openSUSE Leap, please contact Gabriele Santomaggio, since erlang for Leap comes from SLE.
Comment 3 Matwey Kornilov 2020-10-19 08:11:45 UTC 
(In reply to Matwey Kornilov from comment #2)
> Update for Factory has been prepared in sr#839763
> 
> For openSUSE Leap, please contact Gabriele Santomaggio, since erlang for
> Leap comes from SLE.

Erlang 23.1.1 is in Factory, so I close this now.