While this is actually a PCRE vulnerability (CVE-2008-2371), in a recent Ubuntu Security Notice this is described as an "erlang-base" issue. FYI. http://www.ubuntu.com/usn/USN-624-2 Kenji Rikitake See also http://www.erlang.org/cgi-bin/ezmlm-cgi/3/820 for my suggestion to deal with this sort of advisories.