Control: forwarded -1 https://github.com/Netatalk/netatalk/pull/174
Hi Daniel, On Wed, May 24, 2023 at 10:50:41PM -0700, Daniel Markstedt wrote: > Package: netatalk > Version: 3.1.12~ds-3+deb10u1 > X-Debbugs-Cc: t...@security.debian.org > > The code that addressed CVE-2022-23123 introduced appledouble metadata > validity assertions that were too strict and caused instant segfaults > with valid metadata for a large number of users. > > These two commits in upstream addressed this: > https://github.com/Netatalk/netatalk/commit/9d0c21298363e8174cdfca657e66c4d10819507b > https://github.com/Netatalk/netatalk/commit/4140e5495bac42ecb9b11975229c81e84762cc98 > > For the full discussion see this PR: > https://github.com/Netatalk/netatalk/pull/174 > > I would recommend accepting these patches into oldstable, as well as > stable once the CVE patches get ported there too. Thanks for the report. Forwarding it as well to the debian-lts list (FTR if you use reportbug, it chooses the right X-Debbugs-CC as well for such regression reports, if they match some criteria). Regards, Salvatore
