| Summary: | netatalk new security issues CVE-2022-0194 and CVE-2022-2312[2-4] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | David GEIGER <geiger.david68210> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | 8 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | netatalk-3.1.12-9.mga9.src.rpm | CVE: | |
| Status comment: | Upstream fix in 3.1.13 caused regression, no good fix yet | ||
| Bug Depends on: | 30287, 31255 | ||
| Bug Blocks: | |||
Description
David Walser
2022-04-14 00:35:28 CEST
David Walser
2022-04-14 00:35:55 CEST
Whiteboard:
(none) =>
MGA8TOO
This package has no formal maintainer, but am assigning this (& its companion 30287) to DavidG who committed version: 3.1.12 - over 3y ago!
Assignee:
bugsquad =>
geiger.david68210
David Walser
2022-12-09 17:43:59 CET
Depends on:
(none) =>
31255
Fixed in Cauldron with latest 3.1.14 release!
David Walser
2023-01-31 15:40:08 CET
Version:
Cauldron =>
8
Done also for mga8!

(In reply to David GEIGER from comment #2)
> Fixed in Cauldron with latest 3.1.14 release!
Are you sure that 3.1.14 fixes these CVEs (do you have a link that confirms that)? What about the CVE in Bug 31255?

from NEWS file:
Changes in 3.1.13
=================
* FIX: CVE-2021-31439
* FIX: CVE-2022-23121
* FIX: CVE-2022-23123
* FIX: CVE-2022-23122
* FIX: CVE-2022-23125
* FIX: CVE-2022-23124
* FIX: CVE-2022-0194
* FIX: afpd: make a variable declaration a definition
* UPD: Remove bundled libevent

Ahh, so we already knew those fixes were in 3.1.13. The question is does 3.1.14 fix the regression?

Don't really know, it is not clearly mentioned in NEWS file:
https://github.com/Netatalk/Netatalk/commit/895cecbeeae655b2793df6fcbf9df1c1bfbe285d

Fixed in: https://advisories.mageia.org/MGASA-2023-0027.html
Resolution:
(none) =>
FIXED