Bug#1036740: [Pkg-netatalk-devel] Bug#1036740: closed by Markus Koschany (Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata)

; > From: Markus Koschany > > > > To: Daniel Markstedt , 1036740-d...@bugs.debian.org > > > > Cc: debian-...@lists.debian.org > > > > Bcc: > > > > Date: Thu, 01 Jun 2023 19:54:55 +0200 > > > > Subject: Re: Bug#1036740: Fi

Bug#1036740: [Pkg-netatalk-devel] Bug#1036740: closed by Markus Koschany (Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata)

...@bugs.debian.org > > > Cc: debian-...@lists.debian.org > > > Bcc: > > > Date: Thu, 01 Jun 2023 19:54:55 +0200 > > > Subject: Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault > > > with valid metadata > > > Version: 3.1.12~ds-3+deb10u2 > &g

Bug#1036740: closed by Markus Koschany (Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata)

ate: Thu, 01 Jun 2023 19:54:55 +0200 > > Subject: Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with > > valid metadata > > Version: 3.1.12~ds-3+deb10u2 > > > > Thanks for your report and the detailed replies. I could reproduce the > > problem > &

Bug#1036740: closed by Markus Koschany (Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata)

> -- Forwarded message -- > From: Markus Koschany > To: Daniel Markstedt , 1036740-d...@bugs.debian.org > Cc: debian-...@lists.debian.org > Bcc: > Date: Thu, 01 Jun 2023 19:54:55 +0200 > Subject: Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault w

Bug#1036740: [Pkg-netatalk-devel] Bug#1036740: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

On Fri, May 26, 2023 at 1:15 PM Markus Koschany wrote: > > Could you tell me which exact commands were used, so that I can try to > reproduce the problem? > Do by any chance have access to a Mac of any vintage? It could be a brand new machine running the latest macOS or a classic Mac from the

Bug#1036740: [Pkg-netatalk-devel] Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

Am Donnerstag, dem 25.05.2023 um 19:22 -0700 schrieb Daniel Markstedt: > [...] > Thank you very much for taking swift action on this! > Please forgive my ignorance here, but are these patches active already > if I apt install netatalk (3.1.12~ds-3+deb10u1) on Buster? > Or do they have to be picked

Bug#1036740: [Pkg-netatalk-devel] Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

On Thu, May 25, 2023 at 3:39 AM Markus Koschany wrote: > > Hello Daniel, > > Am Donnerstag, dem 25.05.2023 um 08:02 +0200 schrieb Salvatore Bonaccorso: > > > > > > These two commits in upstream addressed this: > > >

Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

Hello Daniel, Am Donnerstag, dem 25.05.2023 um 08:02 +0200 schrieb Salvatore Bonaccorso: > > > > These two commits in upstream addressed this: > > https://github.com/Netatalk/netatalk/commit/9d0c21298363e8174cdfca657e66c4d10819507b > >

Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

Control: forwarded -1 https://github.com/Netatalk/netatalk/pull/174 Hi Daniel, On Wed, May 24, 2023 at 10:50:41PM -0700, Daniel Markstedt wrote: > Package: netatalk > Version: 3.1.12~ds-3+deb10u1 > X-Debbugs-Cc: t...@security.debian.org > > The code that addressed CVE-2022-23123 introduced

Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with valid metadata

Package: netatalk Version: 3.1.12~ds-3+deb10u1 X-Debbugs-Cc: t...@security.debian.org The code that addressed CVE-2022-23123 introduced appledouble metadata validity assertions that were too strict and caused instant segfaults with valid metadata for a large number of users. These two commits in