[Pkg-netatalk-devel] Bug#1043504: Bug#1043504: marked as done (Another regression fix for CVE-2022-23123)

Daniel Markstedt markstedt at gmail.com
Mon Aug 14 17:33:29 BST 2023


> ---------- Forwarded message ----------
> From: Markus Koschany <apo at debian.org>
> To: Daniel Markstedt <markstedt at gmail.com>
> Cc: 1043504-done at bugs.debian.org
> Bcc:
> Date: Sun, 13 Aug 2023 23:44:58 +0200
> Subject: Re: Bug#1043504: Another regression fix for CVE-2022-23123
> Version: 3.1.12~ds-3+deb10u3
>
> Am Freitag, dem 11.08.2023 um 22:45 -0700 schrieb Daniel Markstedt:
> > Package: netatalk
> > Version: 3.1.12~ds-3+deb10u2
> > X-Debbugs-Cc: team at security.debian.org,debian-lts at lists.debian.org
> >
> > Dear Debian Security team,
> >
> > Would you be able to help me get the following critical regression fix
> > into the Buster netatalk package?
>
> Hello Daniel,
>
> thank you for the report. I have just released DLA-3426-3 and believe this is
> fixed in 3.1.12~ds-3+deb10u3 now.
>
> Regards,
>
> Markus

Wonderful, thank you for the quick turnaround on the upload.
I updated to deb10u3 on by Buster system and ran a few tests.
It seems to work as expected!

As a side note, I filed a release request with the Release team last
night to get traction with patching the Bullseye package as well.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049325

I'm following the guidelines here so hopefully I'm on the right track. :)
https://lists.debian.org/debian-devel-announce/2019/08/msg00000.html

Cheers,
Daniel



More information about the pkg-netatalk-devel mailing list