Your message dated Thu, 26 May 2022 17:35:12 +0000
with message-id <[email protected]>
and subject line Bug#1011770: fixed in ntfs-3g 1:2022.5.17-1
has caused the Debian Bug report #1011770,
regarding ntfs-3g: CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785
CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1011770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011770
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ntfs-3g
Version: 1:2021.8.22-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for ntfs-3g.
CVE-2021-46790[0]:
| ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow
| involving buffer+512*3-2. NOTE: the upstream position is that ntfsck
| is deprecated; however, it is shipped by some Linux distributions.
and
CVE-2022-30783[1], CVE-2022-30784[2], CVE-2022-30785[3],
CVE-2022-30786[4], CVE-2022-30787[5], CVE-2022-30788[6],
CVE-2022-30789[7]:
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-46790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
[1] https://security-tracker.debian.org/tracker/CVE-2022-30783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
[2] https://security-tracker.debian.org/tracker/CVE-2022-30784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
[3] https://security-tracker.debian.org/tracker/CVE-2022-30785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
[4] https://security-tracker.debian.org/tracker/CVE-2022-30786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786
[5] https://security-tracker.debian.org/tracker/CVE-2022-30787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
[6] https://security-tracker.debian.org/tracker/CVE-2022-30788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
[7] https://security-tracker.debian.org/tracker/CVE-2022-30789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ntfs-3g
Source-Version: 1:2022.5.17-1
Done: Laszlo Boszormenyi (GCS) <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ntfs-3g, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated ntfs-3g package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 26 May 2022 19:04:15 +0200
Source: ntfs-3g
Architecture: source
Version: 1:2022.5.17-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 1011770
Changes:
ntfs-3g (1:2022.5.17-1) unstable; urgency=high
.
* New upstream release (closes: #1011770) fixing CVE-2021-46790,
CVE-2022-30783, CVE-2022-30784, CVE-2022-30785, CVE-2022-30786,
CVE-2022-30787, CVE-2022-30788 and CVE-2022-30789: these vulnerabilities
may allow an attacker using a maliciously crafted NTFS-formatted image
file or external storage to potentially execute arbitrary privileged code.
Checksums-Sha1:
fa9b504f3d86f38a2e5efc968edc9e895366baf3 2115 ntfs-3g_2022.5.17-1.dsc
ec9770d142373f2aeedb782b08956bb9a0d3dc7b 900383 ntfs-3g_2022.5.17.orig.tar.gz
1a859197f5efb218b24a7b96920a8d6b225307af 22424
ntfs-3g_2022.5.17-1.debian.tar.xz
Checksums-Sha256:
c721cff46c24be50913896463e243f4fcb8efee10ae27f237580023484a73858 2115
ntfs-3g_2022.5.17-1.dsc
49680b2dd38c472368425923b0178195e24705fc355c78764632e5835000db49 900383
ntfs-3g_2022.5.17.orig.tar.gz
c638aec84d6b26b003166aa21c7a7c354119ed6f7214ca08aa4fac7238d4e0bf 22424
ntfs-3g_2022.5.17-1.debian.tar.xz
Files:
6562fc7f25a983d63b34ac7b65d0a98b 2115 otherosfs optional
ntfs-3g_2022.5.17-1.dsc
eb292f78abb219385573427f234eb9bb 900383 otherosfs optional
ntfs-3g_2022.5.17.orig.tar.gz
ae3a254ce7d454526312e93f3e72457f 22424 otherosfs optional
ntfs-3g_2022.5.17-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmKPt0MACgkQ3OMQ54ZM
yL8v8hAAi7Vgq2YajymRjXU9X61T2dn1QBuFkhoNxg3k3zerjqIGgD1Hg9x5MqGi
+4r1eQ/9tdfvWoNAGHNI6qIrtXvbibkHE8Iea8aJDQ9TbvfzLaUtzhyMfkhkwIa6
kR7cNcRZp7npai27DQpsePdyBAQdmjTH3FQ3D2fOzCCSdrFlm3IePPmq6poqazBp
TVk4XcR2lqIab8pyEWDM/bA31KkggzEINZmh5Fg4B4F/RZ5xFhA+U17u+yIakQfM
JWPNcyz1Hu/EhMUTnH01VC3iV3g+JuRTcYGMipC//pGxPj/r++vkGXWiSw+VWfRH
0mDQrtYO7eOCQI4qFWl/Y9WWz2Jb5MHa9eknswmLy9WbSzK4WM/3Rw0OBvUEF0R6
sPAGcWBUq826cz26pxpNTOzxFaUcHkTwan534Bv850v98eGu30ZtajYOxBGvbTWk
JvkXBzc23XCmCTtptgSWxEaNGjbe+xcwzY8kMt7G03X9PYpG+3FQSEUym2eMqcFZ
VemmhAjuVAjDk0W7Kd4a7S0kIZFRixFQUwS8VjX+dslMunpIb5HvqhZKudrsQ0Z1
9KJx74k0THedg0KDvs3z2eaPswmgSdD5m/DGBV98PyJhHl7NM+G1FkIsmwEWGyYJ
2fCWdZHcEnbmtYkr9tQPAPbokAkuRRWKVTmGtEVKi4sOpAaVx1s=
=bFbK
-----END PGP SIGNATURE-----
--- End Message ---
