From 6facb6fa1022a6bc5aa6fbdbaf20b1a57f420259 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sat, 12 Nov 2022 22:36:55 +0100 Subject: [PATCH] package/ntfs-3g: security bump to version 2022.10.3 Fix CVE-2022-40284: A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-v4w8-jv3w-7prm https://github.com/tuxera/ntfs-3g/releases/tag/2022.10.3 Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni --- package/ntfs-3g/ntfs-3g.hash | 2 +- package/ntfs-3g/ntfs-3g.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/ntfs-3g/ntfs-3g.hash b/package/ntfs-3g/ntfs-3g.hash index 89bce73559..3fcba6af4d 100644 --- a/package/ntfs-3g/ntfs-3g.hash +++ b/package/ntfs-3g/ntfs-3g.hash @@ -1,4 +1,4 @@ # Locally calculated -sha256 0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93 ntfs-3g_ntfsprogs-2022.5.17.tgz +sha256 f20e36ee68074b845e3629e6bced4706ad053804cbaf062fbae60738f854170c ntfs-3g_ntfsprogs-2022.10.3.tgz sha256 231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c COPYING sha256 d7bf9d064ac3e5840f9dd02422b7eeec4f1fd03f37fadbd043602be5e882304f COPYING.LIB diff --git a/package/ntfs-3g/ntfs-3g.mk b/package/ntfs-3g/ntfs-3g.mk index 64800c5eeb..62c515d50f 100644 --- a/package/ntfs-3g/ntfs-3g.mk +++ b/package/ntfs-3g/ntfs-3g.mk @@ -4,7 +4,7 @@ # ################################################################################ -NTFS_3G_VERSION = 2022.5.17 +NTFS_3G_VERSION = 2022.10.3 NTFS_3G_SOURCE = ntfs-3g_ntfsprogs-$(NTFS_3G_VERSION).tgz NTFS_3G_SITE = http://tuxera.com/opensource NTFS_3G_CONF_OPTS = --disable-ldconfig