Your message dated Sat, 23 Sep 2023 19:33:11 +0000
with message-id <e1qk8nl-00d7h3...@fasolo.debian.org>
and subject line Bug#1051066: fixed in netatalk 3.1.12~ds-8+deb11u1
has caused the Debian Bug report #1051066,
regarding netatalk: 9 outstanding CVEs in Bullseye with available patches
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1051066: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051066
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: netatalk
Version: 3.1.12~ds-8
Severity: critical
Tags: patch security
Justification: root security hole
X-Debbugs-Cc: pkg-netatalk-de...@alioth-lists.debian.net, Debian Security Team <t...@security.debian.org>
Nine CVE security advisories were addressed in netatalk upstream
releases between 3.1.13 and 3.1.15. The full list is below:
CVE-2022-45188
CVE-2022-43634
CVE-2022-23125
CVE-2022-23124
CVE-2022-23123
CVE-2022-23122
CVE-2022-23121
CVE-2022-0194
CVE-2021-31439
Current status of patching these vulnerabilities:
- netatalk oldoldstable has already been patched by the Security Team.
- netatalk unstable has already been patched by the maintainer team.
- The netatalk package was excluded from stable, no action required.
- What remains is to patch oldstable, hence this ticket.
A debpatch has been attached to the related Release bug ticket,
where approval to proceed with an oldstable release has been requested.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1049325
-- System Information:
Debian Release: 11.7
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-11-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages netatalk depends on:
ii init-system-helpers 1.60
ii libacl1 2.2.53-10
ii libavahi-client3 0.8-5+deb11u2
ii libavahi-common3 0.8-5+deb11u2
ii libc6 2.31-13+deb11u6
ii libcrack2 2.9.6-3.4
ii libcrypt1 1:4.4.18-4
ii libdb5.3 5.3.28+dfsg1-0.8
ii libdbus-glib-1-2 0.110-6
ii libevent-2.1-7 2.1.12-stable-1
ii libgcrypt20 1.8.7-6
ii libglib2.0-0 2.66.8-1
ii libgssapi-krb5-2 1.18.3-6+deb11u3
ii libkrb5-3 1.18.3-6+deb11u3
ii libldap-2.4-2 2.4.57+dfsg-3+deb11u1
ii libmariadb3 1:10.5.19-0+deb11u2
ii libpam-modules 1.4.0-9+deb11u1
ii libpam0g 1.4.0-9+deb11u1
ii libssl1.1 1.1.1n-0+deb11u4
ii libtalloc2 2.3.1-2+b1
ii libtdb1 1.4.3-1+b1
ii libtracker-sparql-2.0-0 2.3.6-2
ii libwrap0 7.6.q-31
ii lsb-base 11.1.0
ii netbase 6.3
ii perl 5.32.1-4+deb11u2
Versions of packages netatalk recommends:
ii avahi-daemon 0.8-5+deb11u2
ii cracklib-runtime 2.9.6-3.4
ii dbus 1.12.24-0+deb11u1
ii lsof 4.93.2+dfsg-1.1
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dbus 1.2.16-5
ii tracker 2.3.6-2
Versions of packages netatalk suggests:
pn quota <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: netatalk
Source-Version: 3.1.12~ds-8+deb11u1
Done: Daniel Markstedt <dan...@mindani.net>
We believe that the bug you reported is fixed in the latest version of
netatalk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1051...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Markstedt <dan...@mindani.net> (supplier of updated netatalk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 19 Sep 2023 22:19:20 -0700
Source: netatalk
Architecture: source
Version: 3.1.12~ds-8+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Netatalk team <pkg-netatalk-de...@lists.alioth.debian.org>
Changed-By: Daniel Markstedt <dan...@mindani.net>
Closes: 1051066
Changes:
netatalk (3.1.12~ds-8+deb11u1) bullseye-security; urgency=high
.
* Fix CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122,
CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-43634,
CVE-2022-45188, CVE-2023-42464.
Multiple security vulnerabilities have been discovered in netatalk, the
Apple Filing Protocol service, which allow remote attackers to disclose
sensitive information, cause a denial of service or execute arbitrary code.
closes: bug#1051066
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---