
Bug#1024021: marked as done (netatalk: CVE-2022-45188)



Your message dated Tue, 02 May 2023 19:03:55 +0000
with message-id <E1ptvI3-001nO6-37@fasolo.debian.org>
and subject line Bug#1024021: fixed in netatalk 3.1.15~ds-1
has caused the Debian Bug report #1024021,
regarding netatalk: CVE-2022-45188
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1024021: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024021
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: netatalk
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for netatalk.

CVE-2022-45188[0]:
| Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow
| resulting in code execution via a crafted .appl file. This provides
| remote root access on some platforms such as FreeBSD (used for
| TrueNAS).

https://rushbnt.github.io/bug%20analysis/netatalk-0day/

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-45188
    https://www.cve.org/CVERecord?id=CVE-2022-45188

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: netatalk
Source-Version: 3.1.15~ds-1
Done: Jonas Smedegaard <dr@jones.dk>

We believe that the bug you reported is fixed in the latest version of
netatalk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1024021@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Smedegaard <dr@jones.dk> (supplier of updated netatalk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 May 2023 20:13:06 +0200
Source: netatalk
Architecture: source
Version: 3.1.15~ds-1
Distribution: unstable
Urgency: high
Maintainer: Debian Netatalk team <pkg-netatalk-devel@lists.alioth.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Closes: 1013308 1024021 1025011
Changes:
 netatalk (3.1.15~ds-1) unstable; urgency=high
 .
   [ upstream ]
   * new release
     + fixes CVE-2022-45188 CVE-2022-45188;
       closes: bug#1024021, thanks to Moritz Mühlenhoff
 .
   [ Jonas Smedegaard ]
   * adopt package, thanks to renewed interest in the Netatalk team;
     add Daniel Markstedt as uploader;
     closes: bug#1013308;
     closes: bug#1025011, thanks to Moritz Mühlenhoff
   * drop patches obsoleted by upstream changes
   * unfuzz patches
   * update copyright info: update coverage
   * generate documentation from Markdown source;
     build-depend on cmark-gfm
   * add patch 202 to avoid privacy leak in documentation
   * set urgency=high due to fixing CVE issue


--- End Message ---
