[Pkg-netatalk-devel] Bug#1043504: Another regression fix for CVE-2022-23123

Daniel Markstedt markstedt at gmail.com
Sat Aug 12 06:45:15 BST 2023


Package: netatalk
Version: 3.1.12~ds-3+deb10u2
X-Debbugs-Cc: team at security.debian.org,debian-lts at lists.debian.org

Dear Debian Security team,

Would you be able to help me get the following critical regression fix
into the Buster netatalk package?

The regression was introduced with the patch for CVE-2022-23123 and is
impacting a subset of users that have certain metadata in their shared
files. The issue leads to an unavoidable crash and renders netatalk
useless with their shared volumes.

Separately, it also contains a fix for saving MS Office files onto an
otherwise functioning shared volume.

This is the commit with the fix in question:
https://github.com/Netatalk/netatalk/commit/7dbde0ce704be7fbdb23e893e05cedced337350d

See this PR for discussion and links back to the user-reported issue tickets:
https://github.com/Netatalk/netatalk/pull/178

See also Bug#1036740 for the previous batch of regression fixes for
the same CVE.

Thank you!


