Package: netatalk Version: 3.1.12~ds-3+deb10u1 X-Debbugs-Cc: t...@security.debian.org
The code that addressed CVE-2022-23123 introduced appledouble metadata validity assertions that were too strict and caused instant segfaults with valid metadata for a large number of users. These two commits in upstream addressed this: https://github.com/Netatalk/netatalk/commit/9d0c21298363e8174cdfca657e66c4d10819507b https://github.com/Netatalk/netatalk/commit/4140e5495bac42ecb9b11975229c81e84762cc98 For the full discussion see this PR: https://github.com/Netatalk/netatalk/pull/174 I would recommend accepting these patches into oldstable, as well as stable once the CVE patches get ported there too.
