Bug#1043504: Another regression fix for CVE-2022-23123
Package: netatalk
Version: 3.1.12~ds-3+deb10u2
X-Debbugs-Cc: team@security.debian.org,debian-lts@lists.debian.org
Dear Debian Security team,
Would you be able to help me get the following critical regression fix
into the Buster netatalk package?
The regression was introduced with the patch for CVE-2022-23123 and is
impacting a subset of users that have certain metadata in their shared
files. The issue leads to an unavoidable crash and renders netatalk
useless with their shared volumes.
Separately, it also contains a fix for saving MS Office files onto an
otherwise functioning shared volume.
This is the commit with the fix in question:
https://github.com/Netatalk/netatalk/commit/7dbde0ce704be7fbdb23e893e05cedced337350d
See this PR for discussion and links back to the user-reported issue tickets:
https://github.com/Netatalk/netatalk/pull/178
See also Bug#1036740 for the previous batch of regression fixes for
the same CVE.
Thank you!