Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2960b590 by Moritz Muehlenhoff at 2022-06-21T14:11:24+02:00
netatalk references

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -32131,22 +32131,44 @@ CVE-2022-23125
        RESERVED
        - netatalk 3.1.13~ds-1
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+       NOTE: 
https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa
 CVE-2022-23124
        RESERVED
        - netatalk 3.1.13~ds-1
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+       NOTE: 
https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
+       NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression:
+       NOTE: 
https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
+       NOTE: Probably the same as 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
+       NOTE: 3.1.13~ds-2 merged a patch: 
https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
+       NOTE:   but not reviewed/merged upstream so far
 CVE-2022-23123
        RESERVED
        - netatalk 3.1.13~ds-1
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+       NOTE: 
https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33
+       NOTE: 
https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
+       NOTE: Causes a regression:
+       NOTE: 
https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
+       NOTE: Probably the same as 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
+       NOTE: 3.1.13~ds-2 merged a patch: 
https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
+       NOTE:   but not reviewed/merged upstream so far
 CVE-2022-23122
        RESERVED
        - netatalk 3.1.13~ds-1
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+       NOTE: 
https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
+       NOTE: Causes a regression:
+       NOTE: 
https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
+       NOTE: Probably the same as 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
+       NOTE: 3.1.13~ds-2 merged a patch: 
https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
+       NOTE:   but not reviewed/merged upstream so far
 CVE-2022-23121
        RESERVED
        - netatalk 3.1.13~ds-1
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+       NOTE: 
https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c
+       NOTE: 
https://github.com/Netatalk/Netatalk/commit/62d4013c62be3b1b4a14f37057cb1c8f393c5fd1
 CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security 
and Cloud  ...)
        NOT-FOR-US: Trend Micro
 CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep 
Security and C ...)
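Review bot: In the CVE-2022-23123 entry, "NOTE: Causes a regression:" follows two commit references (a6fbccb0f2478108add188df023cfbb7428aac33 and 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d), so the note does not say which commit the regression belongs to. The CVE-2022-23124 entry already names it ("NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression:"); using that same wording under CVE-2022-23123 and CVE-2022-23122 removes the ambiguity and keeps the repeated block identical across entries.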
@@ -32191,6 +32213,12 @@ CVE-2022-0194
        RESERVED
        - netatalk 3.1.13~ds-1
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+       NOTE: 
https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
+       NOTE: Causes a regression:
+       NOTE: 
https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
+       NOTE: Probably the same as 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
+       NOTE: 3.1.13~ds-2 merged a patch: 
https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
+       NOTE:   but not reviewed/merged upstream so far
 CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the 
s para ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo 
PCManager prior ...)
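Review bot: The last two notes added under CVE-2022-0194 ("3.1.13~ds-2 merged a patch: ..." followed by "but not reviewed/merged upstream so far") record a status that will change, and the same block is copied under three other CVE entries in this commit, so every copy has to be found and revised once upstream acts. Dating the status in the note, for example with the commit date 2022-06-21, would make a stale copy recognizable to later readers.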
@@ -41435,7 +41463,7 @@ CVE-2021-44268
 CVE-2021-44267
        RESERVED
 CVE-2021-44266 (GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS 
via the mo ...)
-       NOT-FOR-US: GUnet Open eClass 
+       NOT-FOR-US: GUnet Open eClass
 CVE-2021-44265
        RESERVED
 CVE-2021-44264
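Review bot: The trailing-whitespace removal on the "NOT-FOR-US: GUnet Open eClass" line under CVE-2021-44266 is unrelated to the commit subject "netatalk references". It is harmless, but it would be easier to follow in the history as its own cleanup commit, or with a mention in the commit message.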
@@ -77722,6 +77750,7 @@ CVE-2021-31440 (This vulnerability allows local 
attackers to escalate privileges
 CVE-2021-31439 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
        - netatalk 3.1.13~ds-1
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+       NOTE: 
https://github.com/Netatalk/Netatalk/commit/779717df2ed39b701deaf2472b42d59ff50fab7f
 CVE-2021-31438 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        NOT-FOR-US: Foxit
 CVE-2021-31437 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -39,6 +39,7 @@ linux (carnil)
 ndpi/oldstable
 --
 netatalk
+  open regression with MacOS, tentative patch not yet merged upstream
 --
 nodejs (jmm)
 --
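Review bot: The added line under netatalk, "open regression with MacOS, tentative patch not yet merged upstream", carries no reference, so a reader of data/dsa-needed.txt cannot tell which regression or patch is meant without searching data/CVE/list. Adding the Debian bug cited there (1013303) or the salsa commit 9b7e96c9023402d4f7aa49e28e13aef31aeb1caf to this line would make the blocker traceable from this file alone.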



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2960b5904132da1cd3adaa72ee535332551ec002
