[Git][security-tracker-team/security-tracker][master] netatalk fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 1 22:13:46 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e82966a9 by Moritz Muehlenhoff at 2026-06-01T23:13:24+02:00
netatalk fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -661,22 +661,22 @@ CVE-2026-41084 (A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE
CVE-2026-42252 (Apache Airflow's official documentation at `core-concepts/dag-run.html ...)
- airflow <itp> (bug #819700)
CVE-2026-49390
- - netatalk <unfixed>
+ - netatalk 4.5.0~ds-1
[trixie] - netatalk <no-dsa> (Minor issue)
[bookworm] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-49390
CVE-2026-49389
- - netatalk <unfixed>
+ - netatalk 4.5.0~ds-1
[trixie] - netatalk <no-dsa> (Minor issue)
[bookworm] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-49389
CVE-2026-49388
- - netatalk <unfixed>
+ - netatalk 4.5.0~ds-1
[trixie] - netatalk <no-dsa> (Feature broken and not working correctly; can be fixed in point release)
[bookworm] - netatalk <no-dsa> (Feature broken and not working correctly; can be fixed in point release)
NOTE: https://netatalk.io/security/CVE-2026-49388
CVE-2026-49387
- - netatalk <unfixed>
+ - netatalk 4.5.0~ds-1
[trixie] - netatalk <no-dsa> (Feature broken and not working correctly; can be fixed in point release)
[bookworm] - netatalk <no-dsa> (Feature broken and not working correctly; can be fixed in point release)
NOTE: https://netatalk.io/security/CVE-2026-49387
@@ -10486,76 +10486,76 @@ CVE-2026-44047 (An SQL injection vulnerability in the MySQL CNID backend in Neta
- netatalk 4.4.3~ds-1 (bug #1137108)
NOTE: https://netatalk.io/security/CVE-2026-44047
CVE-2026-7837 (A time-of-check time-of-use (TOCTOU) condition in the ad_flush functio ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-7837
NOTE: No security impact per upstream assessment
CVE-2026-7836 (An incorrect calculation in the hextoint macro in Netatalk 2.0.0 throu ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-7836
NOTE: No security impact per upstream assessment
CVE-2026-7835 (A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allo ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-7835
NOTE: No security impact per upstream assessment
CVE-2026-44059 (A race condition in the privilege toggle mechanism in Netatalk 2.2.5 t ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44059
NOTE: No security impact per upstream assessment, just hardening
CVE-2026-44058 (An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44058
CVE-2026-44053 (Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44053
CVE-2026-44063 (An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44063
CVE-2026-44061 (Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a ti ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44061
CVE-2026-44056 (A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2 ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44056
CVE-2026-44069 (An integer underflow in the volxlate function in Netatalk 3.0.0 throug ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44069
NOTE: No security impact per upstream assessment
CVE-2026-44067 (A heap over-read in extended attribute (EA) header parsing in Netatalk ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44067
CVE-2026-44065 (An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4. ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44065
CVE-2026-44072 (Netatalk 2.2.1 through 4.4.2 calls system() after a failed chdir() wit ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44072
NOTE: No security impact per upstream assessment
CVE-2026-44071 (Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFY_SOURCE, which ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44071
NOTE: Missing hardening, not a security issue
CVE-2026-44070 (An unbounded memory reallocation in the charset conversion code in Net ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44070
NOTE: Not exploitable per upstream assessment
CVE-2026-44075 (A missing break statement in DSI OpenSession processing in Netatalk 1. ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44075
NOTE: No security impact per upstream assessment
CVE-2026-44074 (Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitw ...)
- - netatalk <unfixed> (unimportant)
- NOTE: https://netatalk.io/security/CVE-2026-44074
+ - netatalk 4.5.0~ds-1 (unimportant)
+ NOTE: https://netatalk.io/security/CVE-2026-44072
NOTE: No security impact per upstream assessment
CVE-2026-44073 (Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check t ...)
- - netatalk <unfixed> (unimportant)
- NOTE: https://netatalk.io/security/CVE-2026-44073
+ - netatalk 4.5.0~ds-1 (unimportant)
+ NOTE: https://netatalk.io/security/CVE-2026-44072
NOTE: No security impact per upstream assessment
CVE-2026-44076 (Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4. ...)
{DSA-6280-1}
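Review bot: The NOTE lines for CVE-2026-44074 and CVE-2026-44073 now both read `NOTE: https://netatalk.io/security/CVE-2026-44072`, replacing the per-CVE advisory links that were there before. This looks like a copy/paste slip from the CVE-2026-44072 entry above, since every other entry in this hunk keeps a URL matching its own CVE id. Suggest restoring `NOTE: https://netatalk.io/security/CVE-2026-44074` and `NOTE: https://netatalk.io/security/CVE-2026-44073` so the advisory references stay traceable. Separately, the `[trixie]` lines in this hunk move from `<postponed> (Minor issue, revisit when merged upstream)` to `<no-dsa> (Minor issue)`, which is a triage change the commit message "netatalk fixed in sid" does not mention; worth noting in the message or splitting into its own commit.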
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e82966a9a9443a41431d10967f5c9055d290c4be