Your message dated Sat, 18 Jun 2022 10:17:37 +0000
with message-id <[email protected]>
and subject line Bug#1011770: fixed in ntfs-3g 1:2017.3.23AR.3-3+deb10u2
has caused the Debian Bug report #1011770,
regarding ntfs-3g: CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 
CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1011770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011770
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ntfs-3g
Version: 1:2021.8.22-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for ntfs-3g.

CVE-2021-46790[0]:
| ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow
| involving buffer+512*3-2. NOTE: the upstream position is that ntfsck
| is deprecated; however, it is shipped by some Linux distributions.

and

CVE-2022-30783[1], CVE-2022-30784[2], CVE-2022-30785[3],
CVE-2022-30786[4], CVE-2022-30787[5], CVE-2022-30788[6],
CVE-2022-30789[7]:

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-46790
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
[1] https://security-tracker.debian.org/tracker/CVE-2022-30783
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
[2] https://security-tracker.debian.org/tracker/CVE-2022-30784
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
[3] https://security-tracker.debian.org/tracker/CVE-2022-30785
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
[4] https://security-tracker.debian.org/tracker/CVE-2022-30786
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786
[5] https://security-tracker.debian.org/tracker/CVE-2022-30787
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
[6] https://security-tracker.debian.org/tracker/CVE-2022-30788
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
[7] https://security-tracker.debian.org/tracker/CVE-2022-30789
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ntfs-3g
Source-Version: 1:2017.3.23AR.3-3+deb10u2
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ntfs-3g, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated ntfs-3g package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Jun 2022 14:43:42 +0200
Source: ntfs-3g
Architecture: source
Version: 1:2017.3.23AR.3-3+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1011770
Changes:
 ntfs-3g (1:2017.3.23AR.3-3+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix multiple issues (Closes: #1011770)
     - Used a default usn when the former one cannot be retrieved
       (CVE-2022-30788)
     - Made sure there is no null character in an attribute name
       (CVE-2022-30786)
     - Avoided allocating and reading an attribute beyond its full size
       (CVE-2022-30784)
     - Made sure the client log data does not overflow from restart page
       (CVE-2022-30789)
     - Made sure there is no null character in an attribute name (bis)
       (CVE-2022-30786)
     - Fixed possible out-of-buffer condition in ntfsck (CVE-2021-46790)
     - Fixed operation on little endian data (CVE-2022-30788)
     - Returned an error code when the --help or --version options are
       used (CVE-2022-30783)
     - Hardened the checking of directory offset requested by a readdir
       (CVE-2022-30785, CVE-2022-30787)
Checksums-Sha1:
 48fa15b9053ed56157ea81014d7e06c36350af21 2363 ntfs-3g_2017.3.23AR.3-3+deb10u2.dsc
 4451d8e31a3031f53547b9c7f27d6e3c317c3594 39240 ntfs-3g_2017.3.23AR.3-3+deb10u2.debian.tar.xz
Checksums-Sha256:
 dfa1a20bae7bcbc69f776e094853c324b1bd031bf1f9d44f33429ae516dffcdd 2363 ntfs-3g_2017.3.23AR.3-3+deb10u2.dsc
 faf80a26cc3c6e3a61310e07864fd9c7425f5714064dda4a5ea519044b726956 39240 ntfs-3g_2017.3.23AR.3-3+deb10u2.debian.tar.xz
Files:
 de8184b16c9b30a1d4e44190ed9f59a5 2363 otherosfs optional ntfs-3g_2017.3.23AR.3-3+deb10u2.dsc
 6f26c3ba043bd8d6f6650ec05cb2d420 39240 otherosfs optional ntfs-3g_2017.3.23AR.3-3+deb10u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
