Source: ntfs-3g Version: 1:2021.8.22-3 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for ntfs-3g. CVE-2021-46790[0]: | ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow | involving buffer+512*3-2. NOTE: the upstream position is that ntfsck | is deprecated; however, it is shipped by some Linux distributions. and CVE-2022-30783[1], CVE-2022-30784[2], CVE-2022-30785[3], CVE-2022-30786[4], CVE-2022-30787[5], CVE-2022-30788[6], CVE-2022-30789[7]: If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-46790 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790 [1] https://security-tracker.debian.org/tracker/CVE-2022-30783 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783 [2] https://security-tracker.debian.org/tracker/CVE-2022-30784 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784 [3] https://security-tracker.debian.org/tracker/CVE-2022-30785 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785 [4] https://security-tracker.debian.org/tracker/CVE-2022-30786 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786 [5] https://security-tracker.debian.org/tracker/CVE-2022-30787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787 [6] https://security-tracker.debian.org/tracker/CVE-2022-30788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788 [7] https://security-tracker.debian.org/tracker/CVE-2022-30789 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789 Regards, Salvatore