Accepted netatalk 3.1.12~ds-3+deb10u4 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted netatalk 3.1.12~ds-3+deb10u4 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 25 Sep 2023 20:00:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: netatalk_3.1.12~ds-3+deb10u4_source.changes
- Debian-source: netatalk
- Debian-suite: oldoldstable
- Debian-version: 3.1.12~ds-3+deb10u4
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qkrkh-000gv4-Oy@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 25 Sep 2023 21:48:23 CEST
Source: netatalk
Architecture: source
Version: 3.1.12~ds-3+deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Debian Netatalk team <pkg-netatalk-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
589f640019c38a7efae79b9012f812294522e0f3 2675 netatalk_3.1.12~ds-3+deb10u4.dsc
c813909d572c0bacdee959fd2301da035945bb1f 68448 netatalk_3.1.12~ds-3+deb10u4.debian.tar.xz
694d2a4c594d4b3bc94d022239d1b60bf182c272 10388 netatalk_3.1.12~ds-3+deb10u4_amd64.buildinfo
Checksums-Sha256:
66df47fde9153270040a6e8b400ea93cd1ecaa0a7ca3cf86054140b487642663 2675 netatalk_3.1.12~ds-3+deb10u4.dsc
a0133f71ec004080686c27634372dba0fcbfc1194ad952085255a8f8ae592e0e 68448 netatalk_3.1.12~ds-3+deb10u4.debian.tar.xz
1ea5ed60658cfbc4b08426fc957f2155a7043be00dcbd798a0b4c2f9ce991dda 10388 netatalk_3.1.12~ds-3+deb10u4_amd64.buildinfo
Changes:
netatalk (3.1.12~ds-3+deb10u4) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Florent Saudel and Arnaud Gatignol discovered a Type Confusion
vulnerability in the Spotlight RPC functions in afpd in Netatalk. When
parsing Spotlight RPC packets, one encoded data structure is a key-value
style dictionary where the keys are character strings, and the values can
be any of the supported types in the underlying protocol. Due to a lack of
type checking in callers of the dalloc_value_for_key() function, which
returns the object associated with a key, a malicious actor may be able to
fully control the value of the pointer and theoretically achieve Remote
Code Execution on the host.
Files:
b7d719d3e6bd84a2252f9874f8339526 2675 net optional netatalk_3.1.12~ds-3+deb10u4.dsc
f42e6ec5bbffe96cd144268042dd3646 68448 net optional netatalk_3.1.12~ds-3+deb10u4.debian.tar.xz
a12450c1f919bab95a8c5a7c6649435f 10388 net optional netatalk_3.1.12~ds-3+deb10u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
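
The changelog entry above attributes the bug to callers that use the object returned for a dictionary key without checking its type. The following C sketch is an added example, not netatalk's code or the patch shipped in this upload; it shows the defensive pattern of a lookup that takes the expected type and fails on a mismatch. All type and function names (value, dict_get, dict_get_typed, query_string_len) and the sample dictionaries are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical tagged value: one key/value entry of a parsed dictionary. */
typedef enum { T_INT64, T_STRING } val_type;
typedef struct {
    val_type type;
    union { int64_t i64; const char *str; } u;  /* same storage, two meanings */
} value;
typedef struct { const char *key; value val; } entry;
typedef struct { const entry *items; size_t count; } dict;

/* Untyped lookup: returns whatever the sender stored under the key. */
const value *dict_get(const dict *d, const char *key)
{
    for (size_t i = 0; i < d->count; i++)
        if (strcmp(d->items[i].key, key) == 0)
            return &d->items[i].val;
    return NULL;
}

/* Typed lookup: the caller names the type it is about to use; a mismatch
 * is reported like a missing key instead of being reinterpreted. */
const value *dict_get_typed(const dict *d, const char *key, val_type want)
{
    const value *v = dict_get(d, key);
    return (v != NULL && v->type == want) ? v : NULL;
}

/* A caller that needs a string. It only touches u.str after the tag check. */
int query_string_len(const dict *d, const char *key, size_t *len)
{
    const value *v = dict_get_typed(d, key, T_STRING);
    if (v == NULL)
        return -1;                 /* reject: absent or wrong type */
    *len = strlen(v->u.str);
    return 0;
}

/* Constructed sample input: same key, once as a string, once as an integer. */
static const entry well_formed[] = { { "query", { T_STRING, { .str = "*" } } } };
static const entry confused[]    = { { "query", { T_INT64,  { .i64 = 42 } } } };

int main(void)
{
    const dict ok = { well_formed, 1 }, bad = { confused, 1 };
    size_t n = 0;
    printf("string value:  rc=%d\n", query_string_len(&ok, "query", &n));
    printf("integer value: rc=%d\n", query_string_len(&bad, "query", &n));
    return 0;
}
```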