Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e82966a9 by Moritz Muehlenhoff at 2026-06-01T23:13:24+02:00
netatalk fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -661,22 +661,22 @@ CVE-2026-41084 (A bug in Apache Airflow's bulk Task
Instances API (`PATCH/DELETE
CVE-2026-42252 (Apache Airflow's official documentation at
`core-concepts/dag-run.html ...)
- airflow <itp> (bug #819700)
CVE-2026-49390
- - netatalk <unfixed>
+ - netatalk 4.5.0~ds-1
[trixie] - netatalk <no-dsa> (Minor issue)
[bookworm] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-49390
CVE-2026-49389
- - netatalk <unfixed>
+ - netatalk 4.5.0~ds-1
[trixie] - netatalk <no-dsa> (Minor issue)
[bookworm] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-49389
CVE-2026-49388
- - netatalk <unfixed>
+ - netatalk 4.5.0~ds-1
[trixie] - netatalk <no-dsa> (Feature broken and not working correctly;
can be fixed in point release)
[bookworm] - netatalk <no-dsa> (Feature broken and not working
correctly; can be fixed in point release)
NOTE: https://netatalk.io/security/CVE-2026-49388
CVE-2026-49387
- - netatalk <unfixed>
+ - netatalk 4.5.0~ds-1
[trixie] - netatalk <no-dsa> (Feature broken and not working correctly;
can be fixed in point release)
[bookworm] - netatalk <no-dsa> (Feature broken and not working
correctly; can be fixed in point release)
NOTE: https://netatalk.io/security/CVE-2026-49387
@@ -10486,76 +10486,76 @@ CVE-2026-44047 (An SQL injection vulnerability in the
MySQL CNID backend in Neta
- netatalk 4.4.3~ds-1 (bug #1137108)
NOTE: https://netatalk.io/security/CVE-2026-44047
CVE-2026-7837 (A time-of-check time-of-use (TOCTOU) condition in the ad_flush
functio ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-7837
NOTE: No security impact per upstream assessment
CVE-2026-7836 (An incorrect calculation in the hextoint macro in Netatalk
2.0.0 throu ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-7836
NOTE: No security impact per upstream assessment
CVE-2026-7835 (A format string argument mismatch in Netatalk 3.0.3 through
4.4.2 allo ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-7835
NOTE: No security impact per upstream assessment
CVE-2026-44059 (A race condition in the privilege toggle mechanism in Netatalk
2.2.5 t ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44059
NOTE: No security impact per upstream assessment, just hardening
CVE-2026-44058 (An authentication bypass vulnerability in Netatalk 2.2.2
through 4.4.2 ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged
upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44058
CVE-2026-44053 (Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic
algorithm in ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged
upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44053
CVE-2026-44063 (An LDAP injection vulnerability in Netatalk 2.1.0 through
4.4.2 allows ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged
upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44063
CVE-2026-44061 (Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication
with a ti ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged
upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44061
CVE-2026-44056 (A stack-based buffer overflow in desktop.c in Netatalk 1.3
through 4.2 ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged
upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44056
CVE-2026-44069 (An integer underflow in the volxlate function in Netatalk
3.0.0 throug ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44069
NOTE: No security impact per upstream assessment
CVE-2026-44067 (A heap over-read in extended attribute (EA) header parsing in
Netatalk ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged
upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44067
CVE-2026-44065 (An off-by-two error in lp_write() in papd in Netatalk 2.0.0
through 4. ...)
- - netatalk <unfixed>
- [trixie] - netatalk <postponed> (Minor issue, revisit when merged
upstream)
+ - netatalk 4.5.0~ds-1
+ [trixie] - netatalk <no-dsa> (Minor issue)
NOTE: https://netatalk.io/security/CVE-2026-44065
CVE-2026-44072 (Netatalk 2.2.1 through 4.4.2 calls system() after a failed
chdir() wit ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44072
NOTE: No security impact per upstream assessment
CVE-2026-44071 (Netatalk 3.1.2 through 4.4.2 is compiled without
FORTIFY_SOURCE, which ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44071
NOTE: Missing hardening, not a security issue
CVE-2026-44070 (An unbounded memory reallocation in the charset conversion
code in Net ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44070
NOTE: Not exploitable per upstream assessment
CVE-2026-44075 (A missing break statement in DSI OpenSession processing in
Netatalk 1. ...)
- - netatalk <unfixed> (unimportant)
+ - netatalk 4.5.0~ds-1 (unimportant)
NOTE: https://netatalk.io/security/CVE-2026-44075
NOTE: No security impact per upstream assessment
CVE-2026-44074 (Netatalk 2.1.0 through 4.4.2 combines multiple errno values
using bitw ...)
- - netatalk <unfixed> (unimportant)
- NOTE: https://netatalk.io/security/CVE-2026-44074
+ - netatalk 4.5.0~ds-1 (unimportant)
+ NOTE: https://netatalk.io/security/CVE-2026-44072
NOTE: No security impact per upstream assessment
CVE-2026-44073 (Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to
check t ...)
- - netatalk <unfixed> (unimportant)
- NOTE: https://netatalk.io/security/CVE-2026-44073
+ - netatalk 4.5.0~ds-1 (unimportant)
+ NOTE: https://netatalk.io/security/CVE-2026-44072
NOTE: No security impact per upstream assessment
CVE-2026-44076 (Insufficient sanitization of volume paths in Netatalk 3.1.0
through 4. ...)
{DSA-6280-1}
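Review bot: In the CVE-2026-44074 and CVE-2026-44073 entries at the end of this hunk, the NOTE line now points to https://netatalk.io/security/CVE-2026-44072, which is the URL already used by the CVE-2026-44072 entry a few lines above; the removed lines carried the matching per-CVE URLs. This looks like a copy/paste slip made while editing the version lines. Suggest leaving both NOTE lines untouched, so that in those two entries only "- netatalk <unfixed> (unimportant)" becomes "- netatalk 4.5.0~ds-1 (unimportant)". Separately, the [trixie] annotations in this hunk move from "<postponed> (Minor issue, revisit when merged upstream)" to "<no-dsa> (Minor issue)", a triage change that the commit message "netatalk fixed in sid" does not mention; it would be easier to audit later if the message said so or the change went in its own commit.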
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e82966a9a9443a41431d10967f5c9055d290c4be
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits