> ---------- Forwarded message ---------- > From: Markus Koschany <a...@debian.org> > To: Daniel Markstedt <markst...@gmail.com>, 1036740-d...@bugs.debian.org > Cc: debian-...@lists.debian.org > Bcc: > Date: Thu, 01 Jun 2023 19:54:55 +0200 > Subject: Re: Bug#1036740: Fix for CVE-2022-23123 causes afpd segfault with > valid metadata > Version: 3.1.12~ds-3+deb10u2 > > Thanks for your report and the detailed replies. I could reproduce the problem > and identify a wrongly applied commit in libatalk/adouble/ad_open.c. After > applying a new patch to fix it, the AppleDouble v2 format seems to work as > intended again. I'm going to close this bug report now. > > Best, > > Markus >
Thank you Markus for narrowing down the problem and fixing it! I can confirm that appledouble=v2 works in my environment now too. So this covers the outstanding CVEs for oldstable now; are you already preparing to port the same patchset to stable as well? I can file another bug report if it helps. Best, Daniel
