Your message dated Wed, 20 Sep 2023 18:49:02 +0000
with message-id
<8Tu6YOJ_SAX8T-m1LvpYfO2dl-rNra37O_u3YthO7DjBjoO7R51qZFbHhG01L2DajUqRP-o_DL7CORxl5HI53z1fRNz-CZIsWvwGILrpcRM=@mindani.net>
and subject line Resolved with bullseye-security release
has caused the Debian Bug report #1051066,
regarding netatalk: 9 outstanding CVEs in Bullseye with available patches
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1051066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051066
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: netatalk
Version: 3.1.12~ds-8
Severity: critical
Tags: patch security
Justification: root security hole
X-Debbugs-Cc: pkg-netatalk-de...@alioth-lists.debian.net, Debian Security Team
<t...@security.debian.org>
Nine CVE security advisories were addressed in netatalk upstream
releases between 3.1.13 and 3.1.15. The full list is below:

CVE-2022-45188
CVE-2022-43634
CVE-2022-23125
CVE-2022-23124
CVE-2022-23123
CVE-2022-23122
CVE-2022-23121
CVE-2022-0194
CVE-2021-31439

Current status of patching these vulnerabilities:

- netatalk oldoldstable has already been patched by the Security Team.
- netatalk unstable has already been patched by the maintainer team.
- The netatalk package was excluded from stable, no action required.
- What remains is to patch oldstable, hence this ticket.

A debpatch has been attached to the related Release bug ticket,
where approval to proceed with an oldstable release has been requested.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049325

-- System Information:
Debian Release: 11.7
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-11-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to C.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages netatalk depends on:
ii init-system-helpers 1.60
ii libacl1 2.2.53-10
ii libavahi-client3 0.8-5+deb11u2
ii libavahi-common3 0.8-5+deb11u2
ii libc6 2.31-13+deb11u6
ii libcrack2 2.9.6-3.4
ii libcrypt1 1:4.4.18-4
ii libdb5.3 5.3.28+dfsg1-0.8
ii libdbus-glib-1-2 0.110-6
ii libevent-2.1-7 2.1.12-stable-1
ii libgcrypt20 1.8.7-6
ii libglib2.0-0 2.66.8-1
ii libgssapi-krb5-2 1.18.3-6+deb11u3
ii libkrb5-3 1.18.3-6+deb11u3
ii libldap-2.4-2 2.4.57+dfsg-3+deb11u1
ii libmariadb3 1:10.5.19-0+deb11u2
ii libpam-modules 1.4.0-9+deb11u1
ii libpam0g 1.4.0-9+deb11u1
ii libssl1.1 1.1.1n-0+deb11u4
ii libtalloc2 2.3.1-2+b1
ii libtdb1 1.4.3-1+b1
ii libtracker-sparql-2.0-0 2.3.6-2
ii libwrap0 7.6.q-31
ii lsb-base 11.1.0
ii netbase 6.3
ii perl 5.32.1-4+deb11u2
Versions of packages netatalk recommends:
ii avahi-daemon 0.8-5+deb11u2
ii cracklib-runtime 2.9.6-3.4
ii dbus 1.12.24-0+deb11u1
ii lsof 4.93.2+dfsg-1.1
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dbus 1.2.16-5
ii tracker 2.3.6-2
Versions of packages netatalk suggests:
pn quota <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
The Debian Security Team pushed out this patchset to bullseye-security in:
netatalk_3.1.12~ds-8+deb11u1
--- End Message ---