This bug was fixed in the package nbd - 1:3.24-1
---------------
nbd (1:3.24-1) unstable; urgency=medium
* New upstream release.
- CVE-2022-26495: Disallow name lenghts of (unsigned int)-1, by
constraining the length to 4096 bytes
- CVE-2022-26496: Fix buffer overflow in NBD_OPT_INFO/NBD_OPT_GO
handling.
- These security are tracked in the Debian BTS; Closes: #1006915.
- nbd-server transaction logs can now optionally also log data
- New binary: nbd-trplay, to replay (to an image) a transaction log.
-- Wouter Verhelst <[email protected]> Tue, 08 Mar 2022 10:02:56 +0200
** Changed in: nbd (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26495
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26496
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971294
Title:
Merge nbd from Debian unstable for kinetic
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nbd/+bug/1971294/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
