[Git][security-tracker-team/security-tracker][master] netatalk DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Sep 20 18:45:27 BST 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1125a02a by Moritz Mühlenhoff at 2023-09-20T19:44:49+02:00
netatalk DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -55530,7 +55530,6 @@ CVE-2022-45189
 CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow  ...)
 	{DLA-3426-1}
 	- netatalk 3.1.15~ds-1 (bug #1024021)
-	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://rushbnt.github.io/bug%20analysis/netatalk-0day/
 	NOTE: https://github.com/Netatalk/netatalk/commit/dfab56846e8f454fe0548347ae6437bd12a05925
 	NOTE: https://github.com/Netatalk/netatalk/commit/952b510d38914ed215858883f395da33d8b7e396 (netatalk-3-1-15)
@@ -62501,7 +62500,6 @@ CVE-2022-43635 (This vulnerability allows network-adjacent attackers to disclose
 CVE-2022-43634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	{DLA-3426-1}
 	- netatalk 3.1.15~ds-1 (bug #1034170)
-	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://github.com/Netatalk/Netatalk/pull/186
 	NOTE: https://github.com/advisories/GHSA-fwj9-7qq8-jc93
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-094/
@@ -122288,13 +122286,11 @@ CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux k
 CVE-2022-23125 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
-	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa
 CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
-	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
 	NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression:
@@ -122305,7 +122301,6 @@ CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive
 CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
-	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
@@ -122317,7 +122312,6 @@ CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive
 CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
-	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
 	NOTE: Causes a regression:
@@ -122328,7 +122322,6 @@ CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary
 CVE-2022-23121 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
-	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c
 	NOTE: https://github.com/Netatalk/Netatalk/commit/62d4013c62be3b1b4a14f37057cb1c8f393c5fd1
@@ -122375,7 +122368,6 @@ CVE-2022-21134 (A firmware update vulnerability exists in the "update"
 CVE-2022-0194 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
-	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
 	NOTE: Causes a regression:
@@ -168755,7 +168747,6 @@ CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges
 CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
 	{DLA-3426-1}
 	- netatalk 3.1.13~ds-1
-	[bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release)
 	NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
 	NOTE: https://github.com/Netatalk/Netatalk/commit/779717df2ed39b701deaf2472b42d59ff50fab7f
 CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Sep 2023] DSA-5503-1 netatalk - security update
+	{CVE-2021-31439 CVE-2022-0194 CVE-2022-23121 CVE-2022-23122 CVE-2022-23123 CVE-2022-23124 CVE-2022-23125 CVE-2022-43634 CVE-2022-45188 CVE-2023-42464}
+	[bullseye] - netatalk 3.1.12~ds-8+deb11u1
 [18 Sep 2023] DSA-5502-1 xrdp - security update
 	{CVE-2022-23468 CVE-2022-23477 CVE-2022-23478 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVE-2022-23493}
 	[bullseye] - xrdp 0.9.21.1-1~deb11u1


=====================================
data/dsa-needed.txt
=====================================
@@ -33,8 +33,6 @@ lldpd (carnil)
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
-netatalk/oldstable (jmm)
---
 nodejs
   maintainer proposed to follow the upstream 18.x LTS branch
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1125a02a3bdf15804837072a03b8c0e4466d6341

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1125a02a3bdf15804837072a03b8c0e4466d6341
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230920/cae3af74/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list