[Git][security-tracker-team/security-tracker][master] Reference upstream commits for ntfs-3g issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 8 08:40:24 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7c1fa237 by Salvatore Bonaccorso at 2022-06-08T09:39:51+02:00
Reference upstream commits for ntfs-3g issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4829,11 +4829,14 @@ CVE-2022-30789 (A crafted NTFS image can cause a heap-based buffer overflow in n
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
+ NOTE: https://github.com/tuxera/ntfs-3g/commit/6efc1305c1951c1d72181f449f2fab68fa25fae8 (2022.5.17)
CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mf ...)
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
+ NOTE: https://github.com/tuxera/ntfs-3g/commit/a8818cf779d3a32f2f52337c6f258c16719625a3 (2022.5.17)
+ NOTE: https://github.com/tuxera/ntfs-3g/commit/bce5734a757fd59d70a52f4d4fe9abe260629b3a (2022.5.17)
CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memory read ...)
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
@@ -4848,6 +4851,8 @@ CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in n
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
+ NOTE: https://github.com/tuxera/ntfs-3g/commit/838b6e35b43062353998853eab50cd0675201ed7 (2022.5.17)
+ NOTE: https://github.com/tuxera/ntfs-3g/commit/5ce8941bf47291cd6ffe7cdb1797253f1cc3a86f (2022.5.17)
CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fuse_lib_ ...)
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
@@ -4862,6 +4867,7 @@ CVE-2022-30784 (A crafted NTFS image can cause heap exhaustion in ntfs_get_attri
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
+ NOTE: https://github.com/tuxera/ntfs-3g/commit/60717a846deaaea47e50ce58872869f7bd1103b5 (2022.5.17)
CVE-2022-30783 (An invalid return code in fuse_kern_mount enables intercepting of libf ...)
- ntfs-3g 1:2022.5.17-1 (bug #1011770)
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2
@@ -7074,6 +7080,7 @@ CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer over
NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
+ NOTE: https://github.com/tuxera/ntfs-3g/commit/96412e28e5c7ac2d15f1cff8c825330bbb60976e (2022.5.17)
CVE-2022-1544 (Formula Injection/CSV Injection due to Improper Neutralization of Form ...)
NOT-FOR-US: yii-helpers
CVE-2022-29967 (static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c1fa237671e1f50dc6f763048f6fe4a85429ea3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c1fa237671e1f50dc6f763048f6fe4a85429ea3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220608/86715a88/attachment.htm>
More information about the debian-security-tracker-commits
mailing list