Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

To: Daniel Markstedt <markstedt@gmail.com>, 1036740-done@bugs.debian.org
Cc: debian-lts@lists.debian.org
Subject: Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata
From: Markus Koschany <apo@debian.org>
Date: Thu, 01 Jun 2023 19:54:55 +0200
Message-id: <[🔎] f952c8229f0d1414781c82b7629c6b47042532ae.camel@debian.org>
In-reply-to: <CAKnbzov9fuvFZFW8_PbvczfOAFaVQTBkFXHTDJwBLq2ut8QguQ@mail.gmail.com>
References: <ZG75/KQGRmqFfZB5@eldamar.lan> <a4b4a0b149a548ca48c87d06fc65cae7bf1630ff.camel@debian.org> <CAKnbzovSj379+mbj4nUi6+mMw7B68K2yreU78N5xaLEzzdu9bg@mail.gmail.com> <CAKnbzotV99X8UPzSee-0WH8DFpoxF4aD5LNCkYrHPM3-vmXQ+g@mail.gmail.com> <1cd04cbd0594f8840dca33ee5e18f207c641627d.camel@debian.org> <CAKnbzov9fuvFZFW8_PbvczfOAFaVQTBkFXHTDJwBLq2ut8QguQ@mail.gmail.com>

Version:  3.1.12~ds-3+deb10u2

Thanks for your report and the detailed replies. I could reproduce the problem
and identify a wrongly applied commit in libatalk/adouble/ad_open.c. After
applying a new patch to fix it, the AppleDouble v2 format seems to work as
intended again. I'm going to close this bug report now.

Best,

Markus

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: Make stable-security build logs public after embargo
Next by Date: Debian LTS report for May 2023
Previous by thread: Re: Make stable-security build logs public after embargo
Next by thread: Debian LTS report for May 2023
Index(es):
- Date
- Thread