; > From: Markus Koschany
> > > > To: Daniel Markstedt , 1036740-d...@bugs.debian.org
> > > > Cc: debian-...@lists.debian.org
> > > > Bcc:
> > > > Date: Thu, 01 Jun 2023 19:54:55 +0200
> > > > Subject: Re: Bug#1036740: Fi
...@bugs.debian.org
> > > Cc: debian-...@lists.debian.org
> > > Bcc:
> > > Date: Thu, 01 Jun 2023 19:54:55 +0200
> > > Subject: Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault
> > > with valid metadata
> > > Version: 3.1.12~ds-3+deb10u2
> &g
ate: Thu, 01 Jun 2023 19:54:55 +0200
> > Subject: Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with
> > valid metadata
> > Version: 3.1.12~ds-3+deb10u2
> >
> > Thanks for your report and the detailed replies. I could reproduce the
> > problem
> &
> -- Forwarded message --
> From: Markus Koschany
> To: Daniel Markstedt , 1036740-d...@bugs.debian.org
> Cc: debian-...@lists.debian.org
> Bcc:
> Date: Thu, 01 Jun 2023 19:54:55 +0200
> Subject: Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault w
On Fri, May 26, 2023 at 1:15 PM Markus Koschany wrote:
>
> Could you tell me which exact commands were used, so that I can try to
> reproduce the problem?
>
Do by any chance have access to a Mac of any vintage?
It could be a brand new machine running the latest macOS or a classic
Mac from the
Am Donnerstag, dem 25.05.2023 um 19:22 -0700 schrieb Daniel Markstedt:
> [...]
> Thank you very much for taking swift action on this!
> Please forgive my ignorance here, but are these patches active already
> if I apt install netatalk (3.1.12~ds-3+deb10u1) on Buster?
> Or do they have to be picked
On Thu, May 25, 2023 at 3:39 AM Markus Koschany wrote:
>
> Hello Daniel,
>
> Am Donnerstag, dem 25.05.2023 um 08:02 +0200 schrieb Salvatore Bonaccorso:
> > >
> > > These two commits in upstream addressed this:
> > >
Hello Daniel,
Am Donnerstag, dem 25.05.2023 um 08:02 +0200 schrieb Salvatore Bonaccorso:
> >
> > These two commits in upstream addressed this:
> > https://github.com/Netatalk/netatalk/commit/9d0c21298363e8174cdfca657e66c4d10819507b
> >
Control: forwarded -1 https://github.com/Netatalk/netatalk/pull/174
Hi Daniel,
On Wed, May 24, 2023 at 10:50:41PM -0700, Daniel Markstedt wrote:
> Package: netatalk
> Version: 3.1.12~ds-3+deb10u1
> X-Debbugs-Cc: t...@security.debian.org
>
> The code that addressed CVE-2022-23123 introduced
Package: netatalk
Version: 3.1.12~ds-3+deb10u1
X-Debbugs-Cc: t...@security.debian.org
The code that addressed CVE-2022-23123 introduced appledouble metadata
validity assertions that were too strict and caused instant segfaults
with valid metadata for a large number of users.
These two commits in
10 matches
Mail list logo