-
netatalk (3.1.12~ds-4ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42464.patch: validate data type in
dalloc_value_for_key() to avoid type confusion.
- CVE-2023-42464
-- Allen Huang <email address hidden> Thu, 07 Dec 2023 13:48:08 +0000
-
netatalk (3.1.12~ds-4ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: RCE vulnerability
- debian/patches/CVE-2021-31439.patch: libatalk: apply limit checking
to DSI write offset
- CVE-2021-31439
* SECURITY UPDATE: RCE with root privileges
- debian/patches/CVE-2022-0194_23122_23123_23124_*.patch: add defines
for icon lengths, harden ad_entry(), add handling for cases where
ad_entry() returns NULL, protect against removing AFP metadata xattr,
avoid setting adouble entries on symlinks
- debian/patches/CVE-2022-23121-*.patch: apply hardening to
parse_entries()
- debian/patches/CVE-2022-23125.patch: harden copyapplfile()
- debian/patches/CVE-2022-43634.patch: fix dsi_writeinit() function
- CVE-2022-0194
- CVE-2022-23121
- CVE-2022-23122
- CVE-2022-23123
- CVE-2022-23124
- CVE-2022-23125
- CVE-2022-43634
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-45188.patch: fixes the heap-based buffer
overflow in afp_getappl()
- CVE-2022-45188
-- Nishit Majithia <email address hidden> Thu, 08 Jun 2023 09:48:49 +0530
-
netatalk (3.1.12~ds-4) unstable; urgency=medium
* Fix Vcs-Git URL.
* Extend patch 101 to support cross-building.
Closes: Bug#942185. Thanks to Helmut Grohne.
* Declare compliance with Debian Policy 4.2.1.
* Set Rules-Requires-Root: no.
-- Jonas Smedegaard <email address hidden> Fri, 11 Oct 2019 19:11:33 +0200
-
netatalk (3.1.12~ds-3) unstable; urgency=medium
* Update autopkgtest: Add sbin paths to PATH.
-- Jonas Smedegaard <email address hidden> Sat, 02 Mar 2019 00:32:52 +0100