[Pkg-netatalk-devel] Bug#1060773: CVE-2022-22995: afpd daemon vulnerable to symlink redirection
Daniel Markstedt
daniel at mindani.net
Sun Jan 14 05:57:11 GMT 2024
Package: netatalk
Version: 3.1.12~ds-8+deb11u1
Severity: normal
Tags: security
X-Debbugs-Cc: team at security.debian.org, pkg-netatalk-devel at alioth-lists.debian.net, Debian Security Team <team at security.debian.org>

This is for tracking the fix for security vulnerability CVE-2022-22995
in Debian Oldstable (Bullseye).

Upstream advisory at: https://netatalk.sourceforge.io/CVE-2022-22995.php

Note that this has already been patched in oldoldstable (by the security
team) and in unstable (by the package maintainers.)

-- System Information:
Debian Release: 11.7
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages netatalk depends on:
ii init-system-helpers 1.60
ii libacl1 2.2.53-10
ii libavahi-client3 0.8-5+deb11u2
ii libavahi-common3 0.8-5+deb11u2
ii libc6 2.31-13+deb11u6
ii libcrack2 2.9.6-3.4
ii libcrypt1 1:4.4.18-4
ii libdb5.3 5.3.28+dfsg1-0.8
ii libdbus-glib-1-2 0.110-6
ii libevent-2.1-7 2.1.12-stable-1
ii libgcrypt20 1.8.7-6
ii libglib2.0-0 2.66.8-1
ii libgssapi-krb5-2 1.18.3-6+deb11u3
ii libkrb5-3 1.18.3-6+deb11u3
ii libldap-2.4-2 2.4.57+dfsg-3+deb11u1
ii libmariadb3 1:10.5.19-0+deb11u2
ii libpam-modules 1.4.0-9+deb11u1
ii libpam0g 1.4.0-9+deb11u1
ii libssl1.1 1.1.1n-0+deb11u4
ii libtalloc2 2.3.1-2+b1
ii libtdb1 1.4.3-1+b1
ii libtracker-sparql-2.0-0 2.3.6-2
ii libwrap0 7.6.q-31
ii lsb-base 11.1.0
ii netbase 6.3
ii perl 5.32.1-4+deb11u2
Versions of packages netatalk recommends:
ii avahi-daemon 0.8-5+deb11u2
ii cracklib-runtime 2.9.6-3.4
ii dbus 1.12.24-0+deb11u1
ii lsof 4.93.2+dfsg-1.1
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dbus 1.2.16-5
ii tracker 2.3.6-2
Versions of packages netatalk suggests:
pn quota <none>
-- no debconf information