diff -Nru ntfs-3g-2017.3.23AR.3/debian/changelog ntfs-3g-2017.3.23AR.3/debian/changelog --- ntfs-3g-2017.3.23AR.3/debian/changelog 2021-08-23 13:18:46.000000000 +0000 +++ ntfs-3g-2017.3.23AR.3/debian/changelog 2022-06-06 18:09:42.000000000 +0000 @@ -1,3 +1,41 @@ +ntfs-3g (1:2017.3.23AR.3-3ubuntu1.2) focal-security; urgency=medium + + * SECURITY UPDATE: heap buffer overflow in ntfsck + - debian/patches/CVE-2021-46790.patch: properly handle error in + ntfsprogs/ntfsck.c. + - CVE-2021-46790 + * SECURITY UPDATE: traffic interception via incorrect return code + - debian/patches/CVE-2022-30783.patch: return proper error code in + libfuse-lite/mount.c, src/ntfs-3g_common.c, src/ntfs-3g_common.h. + - CVE-2022-30783 + * SECURITY UPDATE: heap exhaustion via invalid NTFS image + - debian/patches/CVE-2022-30784.patch: Avoid allocating and reading an + attribute beyond its full size in libntfs-3g/attrib.c. + - CVE-2022-30784 + * SECURITY UPDATE: arbitrary memory access via fuse + - debian/patches/CVE-2022-30785_30787.patch: check directory offset in + libfuse-lite/fuse.c. + - CVE-2022-30785 + - CVE-2022-30787 + * SECURITY UPDATE: heap overflow via ntfs attribute names + - debian/patches/CVE-2022-30786-1.patch: make sure there is no null + character in an attribute name in libntfs-3g/attrib.c. + - debian/patches/CVE-2022-30786-2.patch: make sure there is no null + character in an attribute name in libntfs-3g/attrib.c. + - CVE-2022-30786 + * SECURITY UPDATE: heap buffer overflow via crafted NTFS image + - debian/patches/CVE-2022-30788-1.patch: use a default usn when the + former one cannot be retrieved in libntfs-3g/mft.c. + - debian/patches/CVE-2022-30788-2.patch: fix operation on little endian + data in libntfs-3g/mft.c. + - CVE-2022-30788 + * SECURITY UPDATE: heap buffer overflow via crafted NTFS image + - debian/patches/CVE-2022-30789.patch: make sure the client log data + does not overflow from restart page in libntfs-3g/logfile.c. + - CVE-2022-30789 + + -- Marc Deslauriers Mon, 06 Jun 2022 14:09:42 -0400 + ntfs-3g (1:2017.3.23AR.3-3ubuntu1.1) focal-security; urgency=medium * SECURITY UPDATE: multiple security issues diff -Nru ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2021-46790.patch ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2021-46790.patch --- ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2021-46790.patch 1970-01-01 00:00:00.000000000 +0000 +++ ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2021-46790.patch 2022-06-06 18:09:03.000000000 +0000 @@ -0,0 +1,25 @@ +From 96412e28e5c7ac2d15f1cff8c825330bbb60976e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Tue, 10 May 2022 10:30:24 +0200 +Subject: [PATCH] Fixed possible out-of-buffer condition in ntfsck + +A bad usa_count could lead to an out-of-buffer condition. Just avoid +the issue and report the error, still not fix it. +--- + ntfsprogs/ntfsck.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ntfsprogs/ntfsck.c b/ntfsprogs/ntfsck.c +index d49f3f96..8c126411 100644 +--- a/ntfsprogs/ntfsck.c ++++ b/ntfsprogs/ntfsck.c +@@ -616,7 +616,8 @@ static BOOL check_file_record(u8 *buffer, u16 buflen) + + // Remove update seq & check it. + usa = *(u16*)(buffer+usa_ofs); // The value that should be at the end of every sector. +- assert_u32_equal(usa_count-1, buflen/NTFS_BLOCK_SIZE, "USA length"); ++ if (assert_u32_equal(usa_count-1, buflen/NTFS_BLOCK_SIZE, "USA length")) ++ return (1); + for (i=1;i +Date: Tue, 10 May 2022 10:44:34 +0200 +Subject: [PATCH] Returned an error code when the --help or --version options + are used + +Accepting --help or --version options may leave the ntfs-3g process in an +unclean state, so reject them while processing options. Also reject +them in libfuse-lite. +--- + libfuse-lite/mount.c | 3 +-- + src/ntfs-3g_common.c | 6 ++++++ + src/ntfs-3g_common.h | 2 ++ + 3 files changed, 9 insertions(+), 2 deletions(-) + +--- a/libfuse-lite/mount.c ++++ b/libfuse-lite/mount.c +@@ -670,11 +670,10 @@ int fuse_kern_mount(const char *mountpoi + fprintf(stderr, "fuse: 'allow_other' and 'allow_root' options are mutually exclusive\n"); + goto out; + } +- res = 0; ++ res = -1; + if (mo.ishelp) + goto out; + +- res = -1; + if (get_mnt_flag_opts(&mnt_opts, mo.flags) == -1) + goto out; + #ifndef __SOLARIS__ +--- a/src/ntfs-3g_common.c ++++ b/src/ntfs-3g_common.c +@@ -130,6 +130,10 @@ const struct DEFOPTION optionlist[] = { + { "usermapping", OPT_USERMAPPING, FLGOPT_STRING }, + { "xattrmapping", OPT_XATTRMAPPING, FLGOPT_STRING }, + { "efs_raw", OPT_EFS_RAW, FLGOPT_BOGUS }, ++ { "--help", OPT_HELP, FLGOPT_BOGUS }, ++ { "-h", OPT_HELP, FLGOPT_BOGUS }, ++ { "--version", OPT_VERSION, FLGOPT_BOGUS }, ++ { "-V", OPT_VERSION, FLGOPT_BOGUS }, + { (const char*)NULL, 0, 0 } /* end marker */ + } ; + +@@ -502,6 +506,8 @@ char *parse_mount_options(ntfs_fuse_cont + * mounted or not. + * (falling through to default) + */ ++ case OPT_HELP : /* Could lead to unclean condition */ ++ case OPT_VERSION : /* Could lead to unclean condition */ + default : + ntfs_log_error("'%s' is an unsupported option.\n", + poptl->name); +--- a/src/ntfs-3g_common.h ++++ b/src/ntfs-3g_common.h +@@ -92,6 +92,8 @@ enum { + OPT_USERMAPPING, + OPT_XATTRMAPPING, + OPT_EFS_RAW, ++ OPT_HELP, ++ OPT_VERSION, + } ; + + /* Option flags */ diff -Nru ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30784.patch ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30784.patch --- ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30784.patch 1970-01-01 00:00:00.000000000 +0000 +++ ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30784.patch 2022-06-06 18:09:12.000000000 +0000 @@ -0,0 +1,68 @@ +From 60717a846deaaea47e50ce58872869f7bd1103b5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Tue, 21 Sep 2021 10:56:06 +0200 +Subject: [PATCH] Avoided allocating and reading an attribute beyond its full + size + +Before reading a full attribute value for internal use, its expected +length has been checked to be < 0x40000. However the allocated size +in the runlist may be much bigger as a consequence of a bug or malice. +To prevent malloc'ing excessive size, restrict the size of the last +run to read to the needed length. +--- + libntfs-3g/attrib.c | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +diff --git a/libntfs-3g/attrib.c b/libntfs-3g/attrib.c +index 00bfca84..51c8536f 100644 +--- a/libntfs-3g/attrib.c ++++ b/libntfs-3g/attrib.c +@@ -216,6 +216,7 @@ s64 ntfs_get_attribute_value(const ntfs_volume *vol, + if (total + (rl[i].length << vol->cluster_size_bits) >= + sle64_to_cpu(a->data_size)) { + unsigned char *intbuf = NULL; ++ s64 intlth; + /* + * We have reached the last run so we were going to + * overflow when executing the ntfs_pread() which is +@@ -229,8 +230,18 @@ s64 ntfs_get_attribute_value(const ntfs_volume *vol, + * We have reached the end of data size so we were + * going to overflow in the same fashion. + * Temporary fix: same as above. ++ * ++ * For safety, limit the amount to read to the ++ * needed size, knowing that the whole attribute ++ * size has been checked to be <= 0x40000. + */ +- intbuf = ntfs_malloc(rl[i].length << vol->cluster_size_bits); ++ intlth = (sle64_to_cpu(a->data_size) - total ++ + vol->cluster_size - 1) ++ >> vol->cluster_size_bits; ++ if (rl[i].length < intlth) ++ intlth = rl[i].length; ++ intbuf = (u8*)ntfs_malloc(intlth ++ << vol->cluster_size_bits); + if (!intbuf) { + free(rl); + return 0; +@@ -246,14 +257,15 @@ s64 ntfs_get_attribute_value(const ntfs_volume *vol, + * - Yes we can, in sparse files! But not necessarily + * size of 16, just run length. + */ +- r = ntfs_pread(vol->dev, rl[i].lcn << +- vol->cluster_size_bits, rl[i].length << +- vol->cluster_size_bits, intbuf); +- if (r != rl[i].length << vol->cluster_size_bits) { ++ r = ntfs_pread(vol->dev, ++ rl[i].lcn << vol->cluster_size_bits, ++ intlth << vol->cluster_size_bits, ++ intbuf); ++ if (r != intlth << vol->cluster_size_bits) { + #define ESTR "Error reading attribute value" + if (r == -1) + ntfs_log_perror(ESTR); +- else if (r < rl[i].length << ++ else if (r < intlth << + vol->cluster_size_bits) { + ntfs_log_debug(ESTR ": Ran out of input data.\n"); + errno = EIO; diff -Nru ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30785_30787.patch ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30785_30787.patch --- ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30785_30787.patch 1970-01-01 00:00:00.000000000 +0000 +++ ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30785_30787.patch 2022-06-06 18:09:18.000000000 +0000 @@ -0,0 +1,25 @@ +From fb28eef6f1c26170566187c1ab7dc913a13ea43c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Tue, 10 May 2022 10:48:18 +0200 +Subject: [PATCH] Hardened the checking of directory offset requested by a + readdir + +When asked for the next directory entries, make sure the chunk offset +is within valid values, otherwise return no more entries in chunk. +--- + libfuse-lite/fuse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libfuse-lite/fuse.c b/libfuse-lite/fuse.c +index 6f9242b7..3d653e63 100644 +--- a/libfuse-lite/fuse.c ++++ b/libfuse-lite/fuse.c +@@ -2223,7 +2223,7 @@ static void fuse_lib_readdir(fuse_req_t req, fuse_ino_t ino, size_t size, + } + } + if (dh->filled) { +- if (off < dh->len) { ++ if ((off >= 0) && (off < dh->len)) { + if (off + size > dh->len) + size = dh->len - off; + } else diff -Nru ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30786-1.patch ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30786-1.patch --- ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30786-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30786-1.patch 2022-06-06 18:09:22.000000000 +0000 @@ -0,0 +1,30 @@ +From 838b6e35b43062353998853eab50cd0675201ed7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Tue, 21 Sep 2021 10:54:50 +0200 +Subject: [PATCH] Made sure there is no null character in an attribute name + +When copying an attribute name which contains a null, it is truncated +and this may lead to accessing non-allocated bytes when relying on the +expected name length. Such names must therefore be rejected. +--- + libntfs-3g/attrib.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/libntfs-3g/attrib.c ++++ b/libntfs-3g/attrib.c +@@ -426,7 +426,15 @@ ntfs_attr *ntfs_attr_open(ntfs_inode *ni + na = ntfs_calloc(sizeof(ntfs_attr)); + if (!na) + goto out; ++ if (!name_len) ++ name = (ntfschar*)NULL; + if (name && name != AT_UNNAMED && name != NTFS_INDEX_I30) { ++ /* A null char leads to a short name and unallocated bytes */ ++ if (ntfs_ucsnlen(name, name_len) != name_len) { ++ ntfs_log_error("Null character in attribute name" ++ " of inode %lld\n",(long long)ni->mft_no); ++ goto err_out; ++ } + name = ntfs_ucsndup(name, name_len); + if (!name) + goto err_out; diff -Nru ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30786-2.patch ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30786-2.patch --- ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30786-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30786-2.patch 2022-06-06 18:09:25.000000000 +0000 @@ -0,0 +1,39 @@ +From 5ce8941bf47291cd6ffe7cdb1797253f1cc3a86f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Fri, 5 Nov 2021 08:41:20 +0100 +Subject: [PATCH] Made sure there is no null character in an attribute name + (bis) + +When copying an attribute name which contains a null, it is truncated +and this may lead to accessing non-allocated bytes when relying on the +expected name length. Such (illegal) names must therefore be rejected. +--- + libntfs-3g/attrib.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/libntfs-3g/attrib.c b/libntfs-3g/attrib.c +index 51c8536f..efb91943 100644 +--- a/libntfs-3g/attrib.c ++++ b/libntfs-3g/attrib.c +@@ -452,8 +452,19 @@ ntfs_attr *ntfs_attr_open(ntfs_inode *ni, const ATTR_TYPES type, + + if (!name) { + if (a->name_length) { +- name = ntfs_ucsndup((ntfschar*)((u8*)a + le16_to_cpu( +- a->name_offset)), a->name_length); ++ ntfschar *attr_name; ++ ++ attr_name = (ntfschar*)((u8*)a ++ + le16_to_cpu(a->name_offset)); ++ /* A null character leads to illegal memory access */ ++ if (ntfs_ucsnlen(attr_name, a->name_length) ++ != a->name_length) { ++ ntfs_log_error("Null character in attribute" ++ " name in inode %lld\n", ++ (long long)ni->mft_no); ++ goto put_err_out; ++ } ++ name = ntfs_ucsndup(attr_name, a->name_length); + if (!name) + goto put_err_out; + newname = name; diff -Nru ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30788-1.patch ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30788-1.patch --- ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30788-1.patch 1970-01-01 00:00:00.000000000 +0000 +++ ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30788-1.patch 2022-06-06 18:09:29.000000000 +0000 @@ -0,0 +1,45 @@ +From a8818cf779d3a32f2f52337c6f258c16719625a3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Tue, 21 Sep 2021 10:53:16 +0200 +Subject: [PATCH] Used a default usn when the former one cannot be retrieved + +When creating a new MFT record, the former seq_no and usn are retrieved +to avoid the new one to be mistaken for the former one. +This may not be possible when the record is used for the first time +or after some bad error. In such situation use default values. +--- + libntfs-3g/mft.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/libntfs-3g/mft.c b/libntfs-3g/mft.c +index d0a601ff..5052d1ec 100644 +--- a/libntfs-3g/mft.c ++++ b/libntfs-3g/mft.c +@@ -5,7 +5,7 @@ + * Copyright (c) 2004-2005 Richard Russon + * Copyright (c) 2004-2008 Szabolcs Szakacsits + * Copyright (c) 2005 Yura Pakhuchiy +- * Copyright (c) 2014-2018 Jean-Pierre Andre ++ * Copyright (c) 2014-2021 Jean-Pierre Andre + * + * This program/include file is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as published +@@ -1529,8 +1529,17 @@ ntfs_inode *ntfs_mft_rec_alloc(ntfs_volume *vol, BOOL mft_data) + goto undo_mftbmp_alloc; + } + ++ /* ++ * Retrieve the former seq_no and usn so that the new record ++ * cannot be mistaken for the former one. ++ * However the original record may just be garbage, so ++ * use some sensible value when they cannot be retrieved. ++ */ + seq_no = m->sequence_number; +- usn = *(le16*)((u8*)m + le16_to_cpu(m->usa_ofs)); ++ if (le16_to_cpu(m->usa_ofs) <= (NTFS_BLOCK_SIZE - 2)) ++ usn = *(le16*)((u8*)m + le16_to_cpu(m->usa_ofs & -2)); ++ else ++ usn = const_cpu_to_le16(1); + if (ntfs_mft_record_layout(vol, bit, m)) { + ntfs_log_error("Failed to re-format mft record.\n"); + free(m); diff -Nru ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30788-2.patch ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30788-2.patch --- ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30788-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30788-2.patch 2022-06-06 18:09:34.000000000 +0000 @@ -0,0 +1,24 @@ +From bce5734a757fd59d70a52f4d4fe9abe260629b3a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Tue, 10 May 2022 10:40:17 +0200 +Subject: [PATCH] Fixed operation on little endian data + +Forcing an even usa_of, in a recent security patch, must be made on cpu +endian data. +--- + libntfs-3g/mft.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libntfs-3g/mft.c b/libntfs-3g/mft.c +index 5052d1ec..aefbb5f1 100644 +--- a/libntfs-3g/mft.c ++++ b/libntfs-3g/mft.c +@@ -1537,7 +1537,7 @@ ntfs_inode *ntfs_mft_rec_alloc(ntfs_volume *vol, BOOL mft_data) + */ + seq_no = m->sequence_number; + if (le16_to_cpu(m->usa_ofs) <= (NTFS_BLOCK_SIZE - 2)) +- usn = *(le16*)((u8*)m + le16_to_cpu(m->usa_ofs & -2)); ++ usn = *(le16*)((u8*)m + (le16_to_cpu(m->usa_ofs) & -2)); + else + usn = const_cpu_to_le16(1); + if (ntfs_mft_record_layout(vol, bit, m)) { diff -Nru ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30789.patch ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30789.patch --- ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30789.patch 1970-01-01 00:00:00.000000000 +0000 +++ ntfs-3g-2017.3.23AR.3/debian/patches/CVE-2022-30789.patch 2022-06-06 18:09:38.000000000 +0000 @@ -0,0 +1,62 @@ +From 6efc1305c1951c1d72181f449f2fab68fa25fae8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= +Date: Wed, 20 Oct 2021 09:53:28 +0200 +Subject: [PATCH] Made sure the client log data does not overflow from restart + page + +Strengthen the consistency check of the length of restart pages, and +check that log client records are within such a restart page. +--- + libntfs-3g/logfile.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/libntfs-3g/logfile.c b/libntfs-3g/logfile.c +index adc0557f..9c3155e7 100644 +--- a/libntfs-3g/logfile.c ++++ b/libntfs-3g/logfile.c +@@ -287,9 +287,19 @@ static BOOL ntfs_check_log_client_array(RESTART_PAGE_HEADER *rp) + LOG_CLIENT_RECORD *ca, *cr; + u16 nr_clients, idx; + BOOL in_free_list, idx_is_first; ++ u32 offset_clients; + + ntfs_log_trace("Entering.\n"); ++ /* The restart area must be fully within page */ ++ if ((le16_to_cpu(rp->restart_area_offset) + sizeof(RESTART_AREA)) ++ > le32_to_cpu(rp->system_page_size)) ++ goto err_out; + ra = (RESTART_AREA*)((u8*)rp + le16_to_cpu(rp->restart_area_offset)); ++ offset_clients = le16_to_cpu(rp->restart_area_offset) ++ + le16_to_cpu(ra->client_array_offset); ++ /* The clients' records must begin within page */ ++ if (offset_clients >= le32_to_cpu(rp->system_page_size)) ++ goto err_out; + ca = (LOG_CLIENT_RECORD*)((u8*)ra + + le16_to_cpu(ra->client_array_offset)); + /* +@@ -308,6 +318,10 @@ static BOOL ntfs_check_log_client_array(RESTART_PAGE_HEADER *rp) + idx = le16_to_cpu(cr->next_client)) { + if (!nr_clients || idx >= le16_to_cpu(ra->log_clients)) + goto err_out; ++ /* The client record must be fully within page */ ++ if ((offset_clients + (idx + 1)*sizeof(LOG_CLIENT_RECORD)) ++ > le32_to_cpu(rp->system_page_size)) ++ goto err_out; + /* Set @cr to the current log client record. */ + cr = ca + idx; + /* The first log client record must not have a prev_client. */ +@@ -380,7 +394,14 @@ static int ntfs_check_and_load_restart_page(ntfs_attr *log_na, + /* + * Allocate a buffer to store the whole restart page so we can multi + * sector transfer deprotect it. ++ * For safety, make sure this is consistent with the usa_count ++ * and shorter than the full log size + */ ++ if ((le32_to_cpu(rp->system_page_size) ++ > (u32)(le16_to_cpu(rp->usa_count) - 1)*NTFS_BLOCK_SIZE) ++ || (le32_to_cpu(rp->system_page_size) ++ > le64_to_cpu(log_na->data_size))) ++ return (EINVAL); + trp = ntfs_malloc(le32_to_cpu(rp->system_page_size)); + if (!trp) + return errno; diff -Nru ntfs-3g-2017.3.23AR.3/debian/patches/series ntfs-3g-2017.3.23AR.3/debian/patches/series --- ntfs-3g-2017.3.23AR.3/debian/patches/series 2021-08-23 13:18:41.000000000 +0000 +++ ntfs-3g-2017.3.23AR.3/debian/patches/series 2022-06-06 18:09:38.000000000 +0000 @@ -1,3 +1,12 @@ 0001-link-with-gpg-error.patch 0002-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch aug2021-security.patch +CVE-2021-46790.patch +CVE-2022-30783.patch +CVE-2022-30784.patch +CVE-2022-30785_30787.patch +CVE-2022-30786-1.patch +CVE-2022-30786-2.patch +CVE-2022-30788-1.patch +CVE-2022-30788-2.patch +CVE-2022-30789.patch