Linux's ntfs kernel module, supporting Windows's native filesystem, has three security issues open against it (CVE-2018-12929, CVE-2018-12930, CVE-2018-12931) and there is no sign of progress towards fixing them upstream.

This module is limited to read-only functionality by default; its write support only covers overwriting existing files and has been disabled in Debian kernel configurations since stretch.

The alternative FUSE-based implementation, ntfs-3g, is far more functional, though it may have lower performance. It is already used in the installer and included in all the desktop tasks (unless installation of Recommends is disabled).

I intend to disable building this module in the next upload to sid, targeting buster. I think we should also disable building it in updates to jessie and stretch, but would like to get an OK from the Stable Release Managers before doing that.

Ben.

--
Ben Hutchings
Horngren's Observation: Among economists, the real world is often a special case.