Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2960b590 by Moritz Muehlenhoff at 2022-06-21T14:11:24+02:00 netatalk references - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== 
@@ -32131,22 +32131,44 @@ CVE-2022-23125 RESERVED - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa CVE-2022-23124 RESERVED - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d + NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression: + NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074 + NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303 + NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf + NOTE: but not reviewed/merged upstream so far CVE-2022-23123 RESERVED - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33 + NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d + NOTE: Causes a regression: + NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074 + NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303 + NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf + NOTE: but not reviewed/merged upstream so far CVE-2022-23122 RESERVED - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d + NOTE: Causes a regression: + NOTE: 
https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074 + NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303 + NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf + NOTE: but not reviewed/merged upstream so far CVE-2022-23121 RESERVED - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c + NOTE: https://github.com/Netatalk/Netatalk/commit/62d4013c62be3b1b4a14f37057cb1c8f393c5fd1 CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud ...) NOT-FOR-US: Trend Micro CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...) @@ -32191,6 +32213,12 @@ CVE-2022-0194 RESERVED - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d + NOTE: Causes a regression: + NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074 + NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303 + NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf + NOTE: but not reviewed/merged upstream so far CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...) NOT-FOR-US: WordPress plugin CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo PCManager prior ...) 
@@ -41435,7 +41463,7 @@ CVE-2021-44268 CVE-2021-44267 RESERVED CVE-2021-44266 (GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the mo ...) - NOT-FOR-US: GUnet Open eClass + NOT-FOR-US: GUnet Open eClass CVE-2021-44265 RESERVED CVE-2021-44264 @@ -77722,6 +77750,7 @@ CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - netatalk 3.1.13~ds-1 NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/779717df2ed39b701deaf2472b42d59ff50fab7f CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...) ===================================== data/dsa-needed.txt ===================================== @@ -39,6 +39,7 @@ linux (carnil) ndpi/oldstable -- netatalk + open regression with MacOS, tentative patch not yet merged upstream -- nodejs (jmm) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2960b5904132da1cd3adaa72ee535332551ec002 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2960b5904132da1cd3adaa72ee535332551ec002 You're receiving this email because of your account on salsa.debian.org.
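Review bot: In the data/CVE/list hunk at @@ -32131,22 +32131,44 @@, the CVE-2022-23123 entry lists two upstream commits (a6fbccb0f2478108add188df023cfbb7428aac33 and 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d) and then says only "Causes a regression:", which leaves open which of the two is meant. The CVE-2022-23124 entry in the same hunk names the hash ("4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression:"). Using that wording under CVE-2022-23123 and CVE-2022-23122 as well would make the entries consistent and unambiguous.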
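Review bot: In the data/CVE/list hunk at @@ -32191,6 +32213,12 @@ (CVE-2022-0194), the regression block is a fourth verbatim copy of the notes added under CVE-2022-23124, CVE-2022-23123 and CVE-2022-23122, and its closing line "but not reviewed/merged upstream so far" carries no date. Consider putting a date on that NOTE so a stale status is easy to recognise, and so all four copies can be found and updated together once upstream reviews the 3.1.13~ds-2 patch.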
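Review bot: In the data/CVE/list hunk at @@ -41435,7 +41463,7 @@, the removed and added "NOT-FOR-US: GUnet Open eClass" lines under CVE-2021-44266 read the same, so this looks like a whitespace-only change that is unrelated to the commit subject "netatalk references". It would be cleaner as a separate commit, or at least mentioned in the commit message, so the netatalk change stays easy to review and revert on its own.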
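Review bot: In the data/dsa-needed.txt hunk at @@ -39,6 +39,7 @@, the new netatalk comment "open regression with MacOS, tentative patch not yet merged upstream" gives no pointer to the regression or the patch. The CVE/list notes in this same commit already reference https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303 and the salsa commit 9b7e96c9023402d4f7aa49e28e13aef31aeb1caf; adding one of those here would let whoever picks up the DSA follow the status without searching data/CVE/list.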