[Pkg-netatalk-devel] Bug#1036740: closed by Markus Koschany <apo at debian.org> (Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata)

Daniel Markstedt markstedt at gmail.com
Sat Jun 3 22:56:00 BST 2023


> ---------- Forwarded message ----------
> From: Markus Koschany <apo at debian.org>
> To: Daniel Markstedt <markstedt at gmail.com>, 1036740-done at bugs.debian.org
> Cc: debian-lts at lists.debian.org
> Bcc:
> Date: Thu, 01 Jun 2023 19:54:55 +0200
> Subject: Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata
> Version:  3.1.12~ds-3+deb10u2
>
> Thanks for your report and the detailed replies. I could reproduce the problem
> and identify a wrongly applied commit in libatalk/adouble/ad_open.c. After
> applying a new patch to fix it, the AppleDouble v2 format seems to work as
> intended again. I'm going to close this bug report now.
>
> Best,
>
> Markus
>

Thank you Markus for narrowing down the problem and fixing it!
I can confirm that appledouble=v2 works in my environment now too.

So this covers the outstanding CVEs for oldstable now;
are you already preparing to port the same patchset to stable as well?

I can file another bug report if it helps.

Best,
Daniel



More information about the pkg-netatalk-devel mailing list