Bug#998627: linux: please enable the new NTFS3 driver in 5.15

To: 998627@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>
Subject: Bug#998627: linux: please enable the new NTFS3 driver in 5.15
From: Christoph Anton Mitterer <calestyo@scientia.org>
Date: Thu, 02 May 2024 20:31:58 +0200
Message-id: <[🔎] 90ed4c410fbc79ee661673fae4a41c2425de3082.camel@scientia.org>
Reply-to: Christoph Anton Mitterer <calestyo@scientia.org>, 998627@bugs.debian.org
References: <CALbhe3oHcrojQY6u+spVWH_TC97fi8tjHXuSkFcdt3W=YoM2ug@mail.gmail.com>

Hey.

Seems there were at least a series of commits from upstream last
November and few again this January.
And there even seem to be some more in their dev branch.


The number of CVEs mentioned by Salvatore is worrying, but it looks
even much worse over the years for ntfs-3g:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ntfs-3g

Plus it seems ntfs-3g upstream is even less active than ntfs3's:
https://github.com/tuxera/ntfs-3g/
Last commit June 2023.


Of course this could also just mean that ntfs-3g is simply more mature
and less issues are found - dunno.
Security-wise the same, could mean that they've no ironed out all
issues, or simply no-one looks at it anymore.


What I did notice in this bug is that quite some people pushed for
enabling it, with email addresses that look in style similar to those
that where used in the XZ social engineering or like throw away
addresses.



Cheers,
Chris.

Reply to:

Prev by Date: Bug#1060322: marked as done (linux-image-5.10.0-27-amd64: Panic on poweroff after upgrade from 5.10.0-26 to 5.10.0-27)
Next by Date: iproute2_6.8.0-1~bpo12+1_source.changes ACCEPTED into stable-backports
Previous by thread: Bug#1060322: marked as done (linux-image-5.10.0-27-amd64: Panic on poweroff after upgrade from 5.10.0-26 to 5.10.0-27)
Next by thread: Bug#998627: linux: please enable the new NTFS3 driver in 5.15
Index(es):
- Date
- Thread