-
ntfs-3g (1:2017.3.23-2ubuntu0.18.04.5) bionic-security; urgency=medium
* SECURITY UPDATE: code execution via incorrect validation of metadata
- debian/patches/CVE-2022-40284-1.patch: rejected zero-sized runs in
libntfs-3g/runlist.c.
- debian/patches/CVE-2022-40284-2.patch: avoided merging runlists with
no runs in libntfs-3g/runlist.c.
- CVE-2022-40284
-- Marc Deslauriers <email address hidden> Tue, 01 Nov 2022 07:57:16 -0400
-
ntfs-3g (1:2017.3.23-2ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in ntfsck
- debian/patches/CVE-2021-46790.patch: properly handle error in
ntfsprogs/ntfsck.c.
- CVE-2021-46790
* SECURITY UPDATE: traffic interception via incorrect return code
- debian/patches/CVE-2022-30783.patch: return proper error code in
libfuse-lite/mount.c, src/ntfs-3g_common.c, src/ntfs-3g_common.h.
- CVE-2022-30783
* SECURITY UPDATE: heap exhaustion via invalid NTFS image
- debian/patches/CVE-2022-30784.patch: Avoid allocating and reading an
attribute beyond its full size in libntfs-3g/attrib.c.
- CVE-2022-30784
* SECURITY UPDATE: arbitrary memory access via fuse
- debian/patches/CVE-2022-30785_30787.patch: check directory offset in
libfuse-lite/fuse.c.
- CVE-2022-30785
- CVE-2022-30787
* SECURITY UPDATE: heap overflow via ntfs attribute names
- debian/patches/CVE-2022-30786-1.patch: make sure there is no null
character in an attribute name in libntfs-3g/attrib.c.
- debian/patches/CVE-2022-30786-2.patch: make sure there is no null
character in an attribute name in libntfs-3g/attrib.c.
- CVE-2022-30786
* SECURITY UPDATE: heap buffer overflow via crafted NTFS image
- debian/patches/CVE-2022-30788-1.patch: use a default usn when the
former one cannot be retrieved in libntfs-3g/mft.c.
- debian/patches/CVE-2022-30788-2.patch: fix operation on little endian
data in libntfs-3g/mft.c.
- CVE-2022-30788
* SECURITY UPDATE: heap buffer overflow via crafted NTFS image
- debian/patches/CVE-2022-30789.patch: make sure the client log data
does not overflow from restart page in libntfs-3g/logfile.c.
- CVE-2022-30789
-- Marc Deslauriers <email address hidden> Mon, 06 Jun 2022 14:11:22 -0400
-
ntfs-3g (1:2017.3.23-2ubuntu0.18.04.3) bionic-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/aug2021-security.patch: backport fixes from new
upstream version.
- No CVE number
-- Marc Deslauriers <email address hidden> Mon, 23 Aug 2021 09:25:29 -0400
-
ntfs-3g (1:2017.3.23-2ubuntu0.18.04.2) bionic-security; urgency=medium
* Fix LP: #1821250 - Don't install /bin/ntfs-3g as setuid root. If
administrators want to allow unprivileged users to be able to mount NTFS
images, they can restore this functionality by changing the permissions of
/bin/ntfs-3g with dpkg-statoverride
- update debian/ntfs-3g.postinst
-- Chris Coulson <email address hidden> Thu, 21 Mar 2019 21:33:01 +0000
-
ntfs-3g (1:2017.3.23-2ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow in /bin/ntfs-3g
- debian/patches/0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch:
Fixed reporting an error when failed to build the mountpoint
- CVE-2019-9755
-- Chris Coulson <email address hidden> Thu, 14 Mar 2019 14:21:40 +0000
-
ntfs-3g (1:2017.3.23-2) unstable; urgency=medium
* Start the transition with upload to Sid.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 30 Nov 2017 19:38:35 +0000
-
ntfs-3g (1:2016.2.22AR.2-2) unstable; urgency=medium
* Start the transition with upload to Sid.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 22 Jun 2017 19:12:30 +0000
