[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#998627: linux: please enable the new NTFS3 driver in 5.15



Hey.

Seems there were at least a series of commits from upstream last
November and few again this January.
And there even seem to be some more in their dev branch.


The number of CVEs mentioned by Salvatore is worrying, but it looks
even much worse over the years for ntfs-3g:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ntfs-3g

Plus it seems ntfs-3g upstream is even less active than ntfs3's:
https://github.com/tuxera/ntfs-3g/
Last commit June 2023.


Of course this could also just mean that ntfs-3g is simply more mature
and less issues are found - dunno.
Security-wise the same, could mean that they've no ironed out all
issues, or simply no-one looks at it anymore.


What I did notice in this bug is that quite some people pushed for
enabling it, with email addresses that look in style similar to those
that where used in the XZ social engineering or like throw away
addresses.



Cheers,
Chris.


Reply to: