d170cde027
- Drop patches (already in version) and so autoreconf - Update COPYING hash (gpl mailing address updated with9bd45cc06e6a5997fbd6) - Fix CVE-2022-43634: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. - Fix CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). - Fix CVE-2023-42464: Validate data type in dalloc_value_for_key() https://github.com/Netatalk/netatalk/blob/netatalk-3-1-17/NEWS Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
8 lines
486 B
Plaintext
8 lines
486 B
Plaintext
# From http://sourceforge.net/projects/netatalk/files/netatalk/3.1.17/
|
|
md5 a6429a28948f85b69c9012fb437dd9c2 netatalk-3.1.17.tar.xz
|
|
sha1 bc6578d9fa874b3816fd4ddd60a30a8f3aadc71d netatalk-3.1.17.tar.xz
|
|
# Locally computed
|
|
sha256 8c208e2c94bf3047db33cdbc3ce4325d2b80db61d6cc527f18f9dbd8e95b5cff netatalk-3.1.17.tar.xz
|
|
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|
|
sha256 7599ae145e53be03a08f8b558b2f2e0c828e1630f1843cc04f41981b8cefcd65 COPYRIGHT
|