Patch Package:           OTP 21.3.8.13
Git Tag:                 OTP-21.3.8.13
Date:                    2020-02-03
Trouble Report Id:       OTP-16436, OTP-16438, OTP-16441
Seq num:                 ERL-1152
System:                  OTP
Release:                 21
Application:             erts-10.3.5.9, stdlib-3.8.2.3
Predecessor:             OTP 21.3.8.12

 Check out the git tag OTP-21.3.8.13, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- erts-10.3.5.9 ---------------------------------------------------
 ---------------------------------------------------------------------

 Note! The erts-10.3.5.9 application *cannot* be applied independently
       of other applications on an arbitrary OTP 21 installation.

       On a full OTP 21 installation, also the following runtime
       dependencies have to be satisfied:
       -- kernel-6.1 (first satisfied in OTP 21.1)
       -- sasl-3.3 (first satisfied in OTP 21.2)


 --- Fixed Bugs and Malfunctions ---

  OTP-16436    Application(s): erts
               Related Id(s): ERL-1152

               A process could end up in a state where it got
               endlessly rescheduled without making any progress. This
               occurred when a system task, such as check of process
               code (part of a code purge), was scheduled on a high
               priority process trying to execute on a dirty
               scheduler.


  OTP-16438    Application(s): erts

               Fixed bug in erlang:list_to_ref/1 when called with a
               reference created by a remote note. Function
               list_to_ref/1 is intended for debugging and not to be
               used in application programs. Bug exist since OTP 20.0.


 Full runtime dependencies of erts-10.3.5.9: kernel-6.1, sasl-3.3,
 stdlib-3.5


 ---------------------------------------------------------------------
 --- stdlib-3.8.2.3 --------------------------------------------------
 ---------------------------------------------------------------------

 The stdlib-3.8.2.3 application can be applied independently of other
 applications on a full OTP 21 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-16441    Application(s): stdlib

               A directory traversal vulnerability has been eliminated
               in erl_tar. erl_tar will now refuse to extract symlinks
               that points outside the targeted extraction directory
               and will return {error,{Path,unsafe_symlink}}. (Thanks
               to Eric Meadows-Jönsson for the bug report and for
               suggesting a fix.)


 Full runtime dependencies of stdlib-3.8.2.3: compiler-5.0,
 crypto-3.3, erts-10.0, kernel-6.0, sasl-3.0


 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------