Your message dated Fri, 10 Sep 2021 10:48:50 +0000 with message-id <e1moe5s-000a26...@fasolo.debian.org> and subject line Bug#988386: fixed in ntfs-3g 1:2017.3.23AR.3-3+deb10u1 has caused the Debian Bug report #988386, regarding ntfs-3g: CVE-2021-33285 CVE-2021-35269 CVE-2021-35268 CVE-2021-33289 CVE-2021-33286 CVE-2021-35266 CVE-2021-33287 CVE-2021-35267 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-2021-39263 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 988386: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ntfs-3g Version: 2017.3.23AR.3 For CVE's pending from upstream, is everything already mirrored so upstream fixes are applied in the next release? I'm asking because the upstream maintainers are trying to identify how soon their fixes will be applied to your packages. Thanks, -- *Jeremy Galindo* Associate Mgr., Offensive Security Datto, Inc. Direct Line www.datto.com <http://www.datto.com/datto-signature/> Join the conversation! [image: Facebook] <http://www.facebook.com/dattoinc> [image: Twitter] <https://twitter.com/Datto> [image: LinkedIn] <https://www.linkedin.com/company/5213385> [image: Blog RSS] <http://blog.datto.com/blog> [image: Slideshare] <http://www.slideshare.net/backupify> [image: Spiceworks] <https://community.spiceworks.com/pages/datto>
--- End Message ---
--- Begin Message ---Source: ntfs-3g Source-Version: 1:2017.3.23AR.3-3+deb10u1 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of ntfs-3g, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 988...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated ntfs-3g package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 05 Sep 2021 14:53:02 +0200 Source: ntfs-3g Architecture: source Version: 1:2017.3.23AR.3-3+deb10u1 Distribution: buster-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 988386 Changes: ntfs-3g (1:2017.3.23AR.3-3+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fixed an endianness error in ntfscp * Checked the locations of MFT and MFTMirr at startup * Fix multiple buffer overflows. CVE-2021-33285, CVE-2021-35269, CVE-2021-35268, CVE-2021-33289, CVE-2021-33286, CVE-2021-35266, CVE-2021-33287, CVE-2021-35267, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. (Closes: #988386) Checksums-Sha1: 4c9b98ac5aba5635d06fdfd59e070c11b06145b2 2363 ntfs-3g_2017.3.23AR.3-3+deb10u1.dsc 7da89778338c57bc3326107c3413d36883496f39 34876 ntfs-3g_2017.3.23AR.3-3+deb10u1.debian.tar.xz Checksums-Sha256: a36b939deba2bf22a98ee6d340162b2bfb103d65c13daeffb10fd3a49dcd6b5e 2363 ntfs-3g_2017.3.23AR.3-3+deb10u1.dsc 35def7823d7690c9d54496a145fb11107ccb0f6073e35f06e4cad5d1e73a0fae 34876 ntfs-3g_2017.3.23AR.3-3+deb10u1.debian.tar.xz Files: 321f8a585f4202d4c699eb6dc92011d3 2363 otherosfs optional ntfs-3g_2017.3.23AR.3-3+deb10u1.dsc 08b36230b5ab1d9a4ea53417fcfdbd38 34876 otherosfs optional ntfs-3g_2017.3.23AR.3-3+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmE0ygRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ems4P/jyNLRN6ZY6m4d83JPIMTZOY8x9yLB0E cXPMs1DPhYz+l32WkWgsqB7ZYJmhQNiDcSoSJ7Srh9EVV9xeBpmKkgXg4K0G6nqs pUxKJj0iySEqI15EbmzzYPgrEzHudFVRNruFi74aaiIkb2Gov315K0e+MUH2qvBG ZRv0nrXuGVtwCRSPVeB0J6dUGJl+GCWMv7c6dH9SrrhbUhf1QGqGgJFQzFZ8L/L/ 5269eEmStLvWy2ZuaNizfRmA3cpYKiiSIsniyrHNox0AZhn6+vZcCKFYjWsAYi5L tgDhOinHeAp2Y3k7k2ef1cJ1qokcNKxa6Fk2/IYyEwAy7hW/OuF+EorhguCD9LF2 i8NemPr1dUhhrszfyqs5jOBSb/orvXjzrzYlizDnse4XYkOW/gPucWpbSGYMEkIm lSr+cejqftje/8Y3k2jF3mHlOUpznsXEsJPViEKU0lW3xADeDRe1mLD6FNa33Clr 8FRBJtnzspTkxcqMZNXAKYG+Usop5oPhBuaNBD3DYH+XShGpR8NYOuy7jFxVLALp QgBJunvDE3Geu+FwP2o5qAkeWFQS0vfYNKQLaSqE3tYkpC52MbaWPvxbM4nxx0h5 JoFeBaM+f14XaV1aXdsBkOcd2p7AQoMO64fREX/P+DOKfjfz0UCewYkRYhMqgWBl t3Svmxdb46QE =8ttz -----END PGP SIGNATURE-----
--- End Message ---
