Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1125a02a by Moritz Mühlenhoff at 2023-09-20T19:44:49+02:00 netatalk DSA - - - - - 3 changed files: - data/CVE/list - data/DSA/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -55530,7 +55530,6 @@ CVE-2022-45189 CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow ...) {DLA-3426-1} - netatalk 3.1.15~ds-1 (bug #1024021) - [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://rushbnt.github.io/bug%20analysis/netatalk-0day/ NOTE: https://github.com/Netatalk/netatalk/commit/dfab56846e8f454fe0548347ae6437bd12a05925 NOTE: https://github.com/Netatalk/netatalk/commit/952b510d38914ed215858883f395da33d8b7e396 (netatalk-3-1-15) @@ -62501,7 +62500,6 @@ CVE-2022-43635 (This vulnerability allows network-adjacent attackers to disclose CVE-2022-43634 (This vulnerability allows remote attackers to execute arbitrary code o ...) {DLA-3426-1} - netatalk 3.1.15~ds-1 (bug #1034170) - [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://github.com/Netatalk/Netatalk/pull/186 NOTE: https://github.com/advisories/GHSA-fwj9-7qq8-jc93 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-094/ @@ -122288,13 +122286,11 @@ CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux k CVE-2022-23125 (This vulnerability allows remote attackers to execute arbitrary code o ...) {DLA-3426-1} - netatalk 3.1.13~ds-1 - [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive infor ...) {DLA-3426-1} - netatalk 3.1.13~ds-1 - [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression: @@ -122305,7 +122301,6 @@ CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive infor ...) {DLA-3426-1} - netatalk 3.1.13~ds-1 - [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33 NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d @@ -122317,7 +122312,6 @@ CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary code o ...) {DLA-3426-1} - netatalk 3.1.13~ds-1 - [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d NOTE: Causes a regression: @@ -122328,7 +122322,6 @@ CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary CVE-2022-23121 (This vulnerability allows remote attackers to execute arbitrary code o ...) {DLA-3426-1} - netatalk 3.1.13~ds-1 - [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c NOTE: https://github.com/Netatalk/Netatalk/commit/62d4013c62be3b1b4a14f37057cb1c8f393c5fd1 @@ -122375,7 +122368,6 @@ CVE-2022-21134 (A firmware update vulnerability exists in the "update" CVE-2022-0194 (This vulnerability allows remote attackers to execute arbitrary code o ...) {DLA-3426-1} - netatalk 3.1.13~ds-1 - [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d NOTE: Causes a regression: @@ -168755,7 +168747,6 @@ CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...) {DLA-3426-1} - netatalk 3.1.13~ds-1 - [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point release) NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html NOTE: https://github.com/Netatalk/Netatalk/commit/779717df2ed39b701deaf2472b42d59ff50fab7f CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...) ===================================== data/DSA/list ===================================== @@ -1,3 +1,6 @@ +[20 Sep 2023] DSA-5503-1 netatalk - security update + {CVE-2021-31439 CVE-2022-0194 CVE-2022-23121 CVE-2022-23122 CVE-2022-23123 CVE-2022-23124 CVE-2022-23125 CVE-2022-43634 CVE-2022-45188 CVE-2023-42464} + [bullseye] - netatalk 3.1.12~ds-8+deb11u1 [18 Sep 2023] DSA-5502-1 xrdp - security update {CVE-2022-23468 CVE-2022-23477 CVE-2022-23478 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVE-2022-23493} [bullseye] - xrdp 0.9.21.1-1~deb11u1 ===================================== data/dsa-needed.txt ===================================== @@ -33,8 +33,6 @@ lldpd (carnil) nbconvert/oldstable Guilhem Moulin proposed an update ready for review -- -netatalk/oldstable (jmm) --- nodejs maintainer proposed to follow the upstream 18.x LTS branch -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1125a02a3bdf15804837072a03b8c0e4466d6341 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1125a02a3bdf15804837072a03b8c0e4466d6341 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits