Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1125a02a by Moritz Mühlenhoff at 2023-09-20T19:44:49+02:00
netatalk DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -55530,7 +55530,6 @@ CVE-2022-45189
 CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer 
overflow  ...)
        {DLA-3426-1}
        - netatalk 3.1.15~ds-1 (bug #1024021)
-       [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://rushbnt.github.io/bug%20analysis/netatalk-0day/
        NOTE: 
https://github.com/Netatalk/netatalk/commit/dfab56846e8f454fe0548347ae6437bd12a05925
        NOTE: 
https://github.com/Netatalk/netatalk/commit/952b510d38914ed215858883f395da33d8b7e396
 (netatalk-3-1-15)
@@ -62501,7 +62500,6 @@ CVE-2022-43635 (This vulnerability allows 
network-adjacent attackers to disclose
 CVE-2022-43634 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        {DLA-3426-1}
        - netatalk 3.1.15~ds-1 (bug #1034170)
-       [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://github.com/Netatalk/Netatalk/pull/186
        NOTE: https://github.com/advisories/GHSA-fwj9-7qq8-jc93
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-094/
@@ -122288,13 +122286,11 @@ CVE-2021-46283 (nf_tables_newset in 
net/netfilter/nf_tables_api.c in the Linux k
 CVE-2022-23125 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        {DLA-3426-1}
        - netatalk 3.1.13~ds-1
-       [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
        NOTE: 
https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa
 CVE-2022-23124 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        {DLA-3426-1}
        - netatalk 3.1.13~ds-1
-       [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
        NOTE: 
https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
        NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression:
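Review bot: The trailing context line `NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression:` under CVE-2022-23124 deserves a check now that the `<no-dsa>` line is removed, because bullseye is expected to be covered by the DSA-5503-1 upload (3.1.12~ds-8+deb11u1) instead of being deferred to a point release. The same upstream commit is referenced in the CVE-2022-23122, CVE-2022-23123 and CVE-2022-0194 entries. Suggest confirming that the bullseye backport also carries whatever follow-up the regression note points to, and adding a NOTE to these entries if it does not.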
@@ -122305,7 +122301,6 @@ CVE-2022-23124 (This vulnerability allows remote 
attackers to disclose sensitive
 CVE-2022-23123 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        {DLA-3426-1}
        - netatalk 3.1.13~ds-1
-       [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
        NOTE: 
https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33
        NOTE: 
https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
@@ -122317,7 +122312,6 @@ CVE-2022-23123 (This vulnerability allows remote 
attackers to disclose sensitive
 CVE-2022-23122 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        {DLA-3426-1}
        - netatalk 3.1.13~ds-1
-       [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
        NOTE: 
https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
        NOTE: Causes a regression:
@@ -122328,7 +122322,6 @@ CVE-2022-23122 (This vulnerability allows remote 
attackers to execute arbitrary
 CVE-2022-23121 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
        {DLA-3426-1}
        - netatalk 3.1.13~ds-1
-       [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
        NOTE: 
https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c
        NOTE: 
https://github.com/Netatalk/Netatalk/commit/62d4013c62be3b1b4a14f37057cb1c8f393c5fd1
@@ -122375,7 +122368,6 @@ CVE-2022-21134 (A firmware update vulnerability 
exists in the &quot;update&quot;
 CVE-2022-0194 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
        {DLA-3426-1}
        - netatalk 3.1.13~ds-1
-       [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
        NOTE: 
https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
        NOTE: Causes a regression:
@@ -168755,7 +168747,6 @@ CVE-2021-31440 (This vulnerability allows local 
attackers to escalate privileges
 CVE-2021-31439 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
        {DLA-3426-1}
        - netatalk 3.1.13~ds-1
-       [bullseye] - netatalk <no-dsa> (Minor issue, will be fixed via point 
release)
        NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
        NOTE: 
https://github.com/Netatalk/Netatalk/commit/779717df2ed39b701deaf2472b42d59ff50fab7f
 CVE-2021-31438 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Sep 2023] DSA-5503-1 netatalk - security update
+       {CVE-2021-31439 CVE-2022-0194 CVE-2022-23121 CVE-2022-23122 
CVE-2022-23123 CVE-2022-23124 CVE-2022-23125 CVE-2022-43634 CVE-2022-45188 
CVE-2023-42464}
+       [bullseye] - netatalk 3.1.12~ds-8+deb11u1
 [18 Sep 2023] DSA-5502-1 xrdp - security update
        {CVE-2022-23468 CVE-2022-23477 CVE-2022-23478 CVE-2022-23479 
CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 
CVE-2022-23493}
        [bullseye] - xrdp 0.9.21.1-1~deb11u1
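Review bot: DSA-5503-1 lists ten CVEs, but the data/CVE/list hunks in this commit remove the `[bullseye] - netatalk <no-dsa>` line for only nine of them; the CVE-2023-42464 entry is not touched. If that entry never carried a bullseye annotation this is fine. Otherwise a stale `[bullseye]` line there would contradict this DSA entry and should be dropped in the same commit.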


=====================================
data/dsa-needed.txt
=====================================
@@ -33,8 +33,6 @@ lldpd (carnil)
 nbconvert/oldstable
   Guilhem Moulin proposed an update ready for review
 --
-netatalk/oldstable (jmm)
---
 nodejs
   maintainer proposed to follow the upstream 18.x LTS branch
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1125a02a3bdf15804837072a03b8c0e4466d6341
