New Debian ntfs-3g 1:2017.3.23AR.3-4+deb11u4~deb10u1 fixes: This update addresses the following issues: 1:2017.3.23AR.3-4+deb11u4~deb10u1 (Fri, 04 Oct 2024 14:05:19 +0300) * Non-maintainer upload by the ELTS Team. * Rebuild for buster. 1:2017.3.23AR.3-4+deb11u4 (Sun, 23 Jun 2024 14:34:20 +0200) * Fix use-after-free in 'ntfs_uppercase_mbs' (CVE-2023-52890). 1:2017.3.23AR.3-4+deb11u3 (Wed, 02 Nov 2022 22:46:28 +0100) * Non-maintainer upload by the Security Team. * Rejected zero-sized runs (CVE-2022-40284) * Avoided merging runlists with no runs (CVE-2022-40284) 1:2017.3.23AR.3-4+deb11u2 (Wed, 08 Jun 2022 22:42:53 +0200) * Fix multiple issues - Used a default usn when the former one cannot be retrieved (CVE-2022-30788) - Made sure there is no null character in an attribute name (CVE-2022-30786) - Avoided allocating and reading an attribute beyond its full size (CVE-2022-30784) - Made sure the client log data does not overflow from restart page (CVE-2022-30789) - Made sure there is no null character in an attribute name (bis) (CVE-2022-30786) - Fixed possible out-of-buffer condition in ntfsck (CVE-2021-46790) - Fixed operation on little endian data (CVE-2022-30788) - Returned an error code when the --help or --version options are used (CVE-2022-30783) - Hardened the checking of directory offset requested by a readdir (CVE-2022-30785, CVE-2022-30787) 1:2017.3.23AR.3-4+deb11u1 (Sun, 05 Sep 2021 14:50:38 +0200) * Fixed an endianness error in ntfscp * Checked the locations of MFT and MFTMirr at startup * Fix multiple buffer overflows. CVE-2021-33285, CVE-2021-35269, CVE-2021-35268, CVE-2021-33289, CVE-2021-33286, CVE-2021-35266, CVE-2021-33287, CVE-2021-35267, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. 1:2017.3.23AR.3-4 (Tue, 23 Feb 2021 22:23:01 +0100) * Move fuse to simple dependency. * Suggest fdisk on ntfs-3g.
--- mirror/ftp/pool/main/n/ntfs-3g/ntfs-3g_2017.3.23AR.3-3+deb10u3.dsc +++ apt/ucs_5.0-0-errata5.0-9/source/ntfs-3g_2017.3.23AR.3-4+deb11u4~deb10u1.dsc @@ -1,11 +1,19 @@ -1:2017.3.23AR.3-3+deb10u3 [Sun, 20 Nov 2022 22:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: +1:2017.3.23AR.3-4+deb11u4~deb10u1 [Fri, 04 Oct 2024 14:05:19 +0300] Adrian Bunk <bunk@debian.org>: - * Non-maintainer upload by the LTS Team. - * CVE-2022-40284 - - Rejected zero-sized runs - - Avoided merging runlists with no runs + * Non-maintainer upload by the ELTS Team. + * Rebuild for buster. -1:2017.3.23AR.3-3+deb10u2 [Thu, 09 Jun 2022 14:43:42 +0200] Salvatore Bonaccorso <carnil@debian.org>: +1:2017.3.23AR.3-4+deb11u4 [Sun, 23 Jun 2024 14:34:20 +0200] Laszlo Boszormenyi (GCS) <gcs@debian.org>: + + * Fix use-after-free in 'ntfs_uppercase_mbs' (CVE-2023-52890). + +1:2017.3.23AR.3-4+deb11u3 [Wed, 02 Nov 2022 22:46:28 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Rejected zero-sized runs (CVE-2022-40284) + * Avoided merging runlists with no runs (CVE-2022-40284) + +1:2017.3.23AR.3-4+deb11u2 [Wed, 08 Jun 2022 22:42:53 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. * Fix multiple issues (Closes: #1011770) @@ -26,7 +34,7 @@ - Hardened the checking of directory offset requested by a readdir (CVE-2022-30785, CVE-2022-30787) -1:2017.3.23AR.3-3+deb10u1 [Sun, 05 Sep 2021 14:53:02 +0200] Salvatore Bonaccorso <carnil@debian.org>: +1:2017.3.23AR.3-4+deb11u1 [Sun, 05 Sep 2021 14:50:38 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. * Fixed an endianness error in ntfscp @@ -39,6 +47,11 @@ CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263. (Closes: #988386) +1:2017.3.23AR.3-4 [Tue, 23 Feb 2021 22:23:01 +0100] Laszlo Boszormenyi (GCS) <gcs@debian.org>: + + * Move fuse to simple dependency (closes: #983359). + * Suggest fdisk on ntfs-3g (closes: #872134). + 1:2017.3.23AR.3-3 [Thu, 21 Mar 2019 23:52:51 +0000] Laszlo Boszormenyi (GCS) <gcs@debian.org>: [ Salvatore Bonaccorso <carnil@debian.org> ] <http://piuparts.knut.univention.de/5.0-9/#4214188512184860527>
OK: bug OK: yaml OK: announce_errata OK: patch ~OK: piuparts Freexian ships dbgsym packages [5.0-9] d93f79bc8b Bug #57646: ntfs-3g 1:2017.3.23AR.3-4+deb11u4~deb10u1 doc/errata/staging/ntfs-3g.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) [5.0-9] e65a76acc2 Bug #57646: ntfs-3g 1:2017.3.23AR.3-4+deb11u4~deb10u1 doc/errata/staging/ntfs-3g.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) [5.0-9] e6a212891f Bug #57646: ntfs-3g 1:2017.3.23AR.3-4+deb11u4~deb10u1 doc/errata/staging/ntfs-3g.yaml | 45 +++++++++++++++-------------------------- 1 file changed, 16 insertions(+), 29 deletions(-) [5.0-9] 2a67cb5647 Bug #57646: ntfs-3g 1:2017.3.23AR.3-4+deb11u4~deb10u1 doc/errata/staging/ntfs-3g.yaml | 74 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1139>