Your message dated Sat, 18 Jun 2022 10:32:23 +0000
with message-id <[email protected]>
and subject line Bug#1011770: fixed in ntfs-3g 1:2017.3.23AR.3-4+deb11u2
has caused the Debian Bug report #1011770,
regarding ntfs-3g: CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785
CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1011770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011770
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ntfs-3g
Version: 1:2021.8.22-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for ntfs-3g.
CVE-2021-46790[0]:
| ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow
| involving buffer+512*3-2. NOTE: the upstream position is that ntfsck
| is deprecated; however, it is shipped by some Linux distributions.
and
CVE-2022-30783[1], CVE-2022-30784[2], CVE-2022-30785[3],
CVE-2022-30786[4], CVE-2022-30787[5], CVE-2022-30788[6],
CVE-2022-30789[7]:
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-46790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46790
[1] https://security-tracker.debian.org/tracker/CVE-2022-30783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30783
[2] https://security-tracker.debian.org/tracker/CVE-2022-30784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30784
[3] https://security-tracker.debian.org/tracker/CVE-2022-30785
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30785
[4] https://security-tracker.debian.org/tracker/CVE-2022-30786
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30786
[5] https://security-tracker.debian.org/tracker/CVE-2022-30787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30787
[6] https://security-tracker.debian.org/tracker/CVE-2022-30788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30788
[7] https://security-tracker.debian.org/tracker/CVE-2022-30789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30789
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ntfs-3g
Source-Version: 1:2017.3.23AR.3-4+deb11u2
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ntfs-3g, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated ntfs-3g package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 08 Jun 2022 22:42:53 +0200
Source: ntfs-3g
Architecture: source
Version: 1:2017.3.23AR.3-4+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1011770
Changes:
 ntfs-3g (1:2017.3.23AR.3-4+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix multiple issues (Closes: #1011770)
     - Used a default usn when the former one cannot be retrieved
       (CVE-2022-30788)
     - Made sure there is no null character in an attribute name
       (CVE-2022-30786)
     - Avoided allocating and reading an attribute beyond its full size
       (CVE-2022-30784)
     - Made sure the client log data does not overflow from restart page
       (CVE-2022-30789)
     - Made sure there is no null character in an attribute name (bis)
       (CVE-2022-30786)
     - Fixed possible out-of-buffer condition in ntfsck (CVE-2021-46790)
     - Fixed operation on little endian data (CVE-2022-30788)
     - Returned an error code when the --help or --version options are
       used (CVE-2022-30783)
     - Hardened the checking of directory offset requested by a readdir
       (CVE-2022-30785, CVE-2022-30787)
--- End Message ---