[Git][security-tracker-team/security-tracker][master] netatalk references
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jun 21 13:11:37 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2960b590 by Moritz Muehlenhoff at 2022-06-21T14:11:24+02:00
netatalk references
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -32131,22 +32131,44 @@ CVE-2022-23125
RESERVED
- netatalk 3.1.13~ds-1
NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+ NOTE: https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa
CVE-2022-23124
RESERVED
- netatalk 3.1.13~ds-1
NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+ NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
+ NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression:
+ NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
+ NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
+ NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
+ NOTE: but not reviewed/merged upstream so far
CVE-2022-23123
RESERVED
- netatalk 3.1.13~ds-1
NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+ NOTE: https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33
+ NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
+ NOTE: Causes a regression:
+ NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
+ NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
+ NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
+ NOTE: but not reviewed/merged upstream so far
CVE-2022-23122
RESERVED
- netatalk 3.1.13~ds-1
NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+ NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
+ NOTE: Causes a regression:
+ NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
+ NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
+ NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
+ NOTE: but not reviewed/merged upstream so far
CVE-2022-23121
RESERVED
- netatalk 3.1.13~ds-1
NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+ NOTE: https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c
+ NOTE: https://github.com/Netatalk/Netatalk/commit/62d4013c62be3b1b4a14f37057cb1c8f393c5fd1
CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud ...)
NOT-FOR-US: Trend Micro
CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...)
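Review bot: Under CVE-2022-23123 the line "NOTE: Causes a regression:" follows two commit links (a6fbccb0f2478108add188df023cfbb7428aac33 and 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d), so it does not say which commit the regression is attributed to. The CVE-2022-23124 entry in this same hunk names it explicitly ("NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression:"); using that wording in the CVE-2022-23123 and CVE-2022-23122 entries as well would remove the ambiguity and keep the repeated note blocks identical.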
@@ -32191,6 +32213,12 @@ CVE-2022-0194
RESERVED
- netatalk 3.1.13~ds-1
NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+ NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
+ NOTE: Causes a regression:
+ NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
+ NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
+ NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
+ NOTE: but not reviewed/merged upstream so far
CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...)
NOT-FOR-US: WordPress plugin
CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo PCManager prior ...)
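Review bot: In the CVE-2022-0194 entry, "NOTE: 3.1.13~ds-2 merged a patch:" does not say what the patch is for, and sitting below the "- netatalk 3.1.13~ds-1" line it can be read as a further fix for the CVE rather than for the regression. Suggest stating the purpose in the note itself, for example "3.1.13~ds-2 merged a patch for the regression:", so the fixed version for the CVE and the version carrying the regression patch are not confused.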
@@ -41435,7 +41463,7 @@ CVE-2021-44268
CVE-2021-44267
RESERVED
CVE-2021-44266 (GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the mo ...)
- NOT-FOR-US: GUnet Open eClass
+ NOT-FOR-US: GUnet Open eClass
CVE-2021-44265
RESERVED
CVE-2021-44264
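Review bot: The removed and added "NOT-FOR-US: GUnet Open eClass" lines under CVE-2021-44266 read identically, so this appears to be a whitespace-only correction that has nothing to do with netatalk and is not covered by the commit message "netatalk references". Suggest moving it to its own commit or mentioning it in the message, so the history for CVE-2021-44266 does not point at a netatalk change.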
@@ -77722,6 +77750,7 @@ CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges
CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
- netatalk 3.1.13~ds-1
NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+ NOTE: https://github.com/Netatalk/Netatalk/commit/779717df2ed39b701deaf2472b42d59ff50fab7f
CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Foxit
CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -39,6 +39,7 @@ linux (carnil)
ndpi/oldstable
--
netatalk
+ open regression with MacOS, tentative patch not yet merged upstream
--
nodejs (jmm)
--
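Review bot: The new line under netatalk, "open regression with MacOS, tentative patch not yet merged upstream", gives no pointer to where the regression is tracked, so whoever picks up the DSA has to find it through the CVE notes. Suggest adding the reference already used in data/CVE/list (the netatalk-devel thread, or https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303 once it is confirmed to be the same issue). Minor style point: the product name is normally written "macOS".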
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2960b5904132da1cd3adaa72ee535332551ec002