[erlang-questions] Windows Patch Packages?

Peter Tirrell ptirrell@REDACTED
Wed Dec 20 15:55:00 CET 2017


Hello all,

I saw an existing recent thread about general patch packages but didn't
necessarily want to hijack that thread.  I currently am using OTP 18.2.1 on
Windows but became aware of security advisory CVE-2017-1000385 (
https://nvd.nist.gov/vuln/detail/CVE-2017-1000385#VulnChangeHistoryDiv)

It looks like I can get OTP 18.3.4.7+ and have the advisory addressed, but
I'm unclear on how to do so. The downloads page simply lists an 18.3
download and doesn't list the fixed OTP bug number in the readme.  The
earlier thread I saw seemed to imply that Windows builds on the downloads
page aren't updated.

So my question is - how do I apply the latest Windows patched builds?  Are
there patched Windows release builds available somewhere?  If I download a
version from the downloads page, will that be the latest available major
point version, including any patches for that point version?

Or if there's a patch package put out, do I need to either compile that
version from source, or wait until there is another major point version
released that comes *after* that patch package was created?  For example,
I'm looking for a fix for bug "OTP-14748". The only Windows build that
appears to be dated since that was fixed is 20.2, yet the readme for that
does not include a reference to 14748 either.

Thanks for any info!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20171220/abf0e2fd/attachment.htm>


More information about the erlang-questions mailing list