Publishing details

• Published on 2022-09-10

Changelog

ntfs-3g (1:2017.3.23AR.3-3+deb10u2) buster-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix multiple issues (Closes: #1011770)
    - Used a default usn when the former one cannot be retrieved
      (CVE-2022-30788)
    - Made sure there is no null character in an attribute name
      (CVE-2022-30786)
    - Avoided allocating and reading an attribute beyond its full size
      (CVE-2022-30784)
    - Made sure the client log data does not overflow from restart page
      (CVE-2022-30789)
    - Made sure there is no null character in an attribute name (bis)
      (CVE-2022-30786)
    - Fixed possible out-of-buffer condition in ntfsck (CVE-2021-46790)
    - Fixed operation on little endian data (CVE-2022-30788)
    - Returned an error code when the --help or --version options are
      used (CVE-2022-30783)
    - Hardened the checking of directory offset requested by a readdir
      (CVE-2022-30785, CVE-2022-30787)

 -- Salvatore Bonaccorso <email address hidden>  Thu, 09 Jun 2022 14:43:42 +0200

Builds

Package files

• ntfs-3g_2017.3.23AR.3-3+deb10u2.debian.tar.xz (38.3 KiB)
• ntfs-3g_2017.3.23AR.3-3+deb10u2.dsc (2.3 KiB)
• ntfs-3g_2017.3.23AR.3.orig.tar.gz (1.2 MiB)