
Bug#1043504: Another regression fix for CVE-2022-23123



Package: netatalk
Version: 3.1.12~ds-3+deb10u2
X-Debbugs-Cc: team@security.debian.org,debian-lts@lists.debian.org

Dear Debian Security team,

Would you be able to help me get the following critical regression fix
into the Buster netatalk package?

The regression was introduced with the patch for CVE-2022-23123 and is
impacting a subset of users that have certain metadata in their shared
files. The issue leads to an unavoidable crash and renders netatalk
useless with their shared volumes.

Separately, it also contains a fix for saving MS Office files onto an
otherwise functioning shared volume.

This is the commit with the fix in question:
https://github.com/Netatalk/netatalk/commit/7dbde0ce704be7fbdb23e893e05cedced337350d

See this PR for discussion and links back to the user-reported issue tickets:
https://github.com/Netatalk/netatalk/pull/178

See also Bug#1036740 for the previous batch of regression fixes for
the same CVE.

Thank you!

