Ubuntu
ntfs-3g package

Change logs for ntfs-3g source package in Impish

  1. Impish (21.10)
  2. Change log 
  • ntfs-3g (1:2017.3.23AR.3-3ubuntu5.1) impish-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in ntfsck
    - debian/patches/CVE-2021-46790.patch: properly handle error in
      ntfsprogs/ntfsck.c.
    - CVE-2021-46790
  * SECURITY UPDATE: traffic interception via incorrect return code
    - debian/patches/CVE-2022-30783.patch: return proper error code in
      libfuse-lite/mount.c, src/ntfs-3g_common.c, src/ntfs-3g_common.h.
    - CVE-2022-30783
  * SECURITY UPDATE: heap exhaustion via invalid NTFS image
    - debian/patches/CVE-2022-30784.patch: Avoid allocating and reading an
      attribute beyond its full size in libntfs-3g/attrib.c.
    - CVE-2022-30784
  * SECURITY UPDATE: arbitrary memory access via fuse
    - debian/patches/CVE-2022-30785_30787.patch: check directory offset in
      libfuse-lite/fuse.c.
    - CVE-2022-30785
    - CVE-2022-30787
  * SECURITY UPDATE: heap overflow via ntfs attribute names
    - debian/patches/CVE-2022-30786-1.patch: make sure there is no null
      character in an attribute name in libntfs-3g/attrib.c.
    - debian/patches/CVE-2022-30786-2.patch: make sure there is no null
      character in an attribute name in libntfs-3g/attrib.c.
    - CVE-2022-30786
  * SECURITY UPDATE: heap buffer overflow via crafted NTFS image
    - debian/patches/CVE-2022-30788-1.patch: use a default usn when the
      former one cannot be retrieved in libntfs-3g/mft.c.
    - debian/patches/CVE-2022-30788-2.patch: fix operation on little endian
      data in libntfs-3g/mft.c.
    - CVE-2022-30788
  * SECURITY UPDATE: heap buffer overflow via crafted NTFS image
    - debian/patches/CVE-2022-30789.patch: make sure the client log data
      does not overflow from restart page in libntfs-3g/logfile.c.
    - CVE-2022-30789

 -- Marc Deslauriers <email address hidden>  Mon, 06 Jun 2022 14:08:38 -0400
  • ntfs-3g (1:2017.3.23AR.3-3ubuntu5) impish; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/aug2021-security.patch: backport fixes from new
      upstream version.
    - CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289,
      CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269,
      CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254,
      CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258,
      CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262,
      CVE-2021-39263

 -- Marc Deslauriers <email address hidden>  Mon, 23 Aug 2021 09:10:28 -0400
  • ntfs-3g (1:2017.3.23AR.3-3ubuntu4) hirsute; urgency=medium

  * No-change rebuild to drop the udeb package.

 -- Matthias Klose <email address hidden>  Thu, 25 Feb 2021 06:59:05 +0100