ntfs-3g (1:2021.8.22-3ubuntu1.2) jammy-security; urgency=medium
* SECURITY UPDATE: code execution via incorrect validation of metadata
- debian/patches/CVE-2022-40284-1.patch: rejected zero-sized runs in
libntfs-3g/runlist.c.
- debian/patches/CVE-2022-40284-2.patch: avoided merging runlists with
no runs in libntfs-3g/runlist.c.
- CVE-2022-40284
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 01 Nov 2022 07:56:19 -0400
ntfs-3g (1:2021.8.22-3ubuntu1.1) jammy-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in ntfsck
- debian/patches/CVE-2021-46790.patch: properly handle error in
ntfsprogs/ntfsck.c.
- CVE-2021-46790
* SECURITY UPDATE: traffic interception via incorrect return code
- debian/patches/CVE-2022-30783.patch: return proper error code in
libfuse-lite/mount.c, src/ntfs-3g_common.c, src/ntfs-3g_common.h.
- CVE-2022-30783
* SECURITY UPDATE: heap exhaustion via invalid NTFS image
- debian/patches/CVE-2022-30784.patch: Avoid allocating and reading an
attribute beyond its full size in libntfs-3g/attrib.c.
- CVE-2022-30784
* SECURITY UPDATE: arbitrary memory access via fuse
- debian/patches/CVE-2022-30785_30787.patch: check directory offset in
libfuse-lite/fuse.c.
- CVE-2022-30785
- CVE-2022-30787
* SECURITY UPDATE: heap overflow via ntfs attribute names
- debian/patches/CVE-2022-30786-1.patch: make sure there is no null
character in an attribute name in libntfs-3g/attrib.c.
- debian/patches/CVE-2022-30786-2.patch: make sure there is no null
character in an attribute name in libntfs-3g/attrib.c.
- CVE-2022-30786
* SECURITY UPDATE: heap buffer overflow via crafted NTFS image
- debian/patches/CVE-2022-30788-1.patch: use a default usn when the
former one cannot be retrieved in libntfs-3g/mft.c.
- debian/patches/CVE-2022-30788-2.patch: fix operation on little endian
data in libntfs-3g/mft.c.
- CVE-2022-30788
* SECURITY UPDATE: heap buffer overflow via crafted NTFS image
- debian/patches/CVE-2022-30789.patch: make sure the client log data
does not overflow from restart page in libntfs-3g/logfile.c.
- CVE-2022-30789
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 06 Jun 2022 13:57:00 -0400
ntfs-3g (1:2021.8.22-3ubuntu1) jammy; urgency=medium
* debian/control:
- don't Build-Depends on libfuse-dev since the package is built using
the --with-fuse=internal option, switch to fuse3
[ Simon Chopin ]
* Merge with Debian unstable (LP: #1951239). Remaining changes:
+ Don't install /bin/ntfs-3g as setuid root.
* Dropped, merged upstream:
+ SECURITY UPDATE: multiple security issues
debian/patches/aug2021-security.patch: backport fixes from new
upstream version.
- CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289,
CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269,
CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254,
CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258,
CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262,
CVE-2021-39263
-- Sebastien Bacher <seb128@ubuntu.com> Thu, 13 Jan 2022 15:38:10 +0100
ntfs-3g (1:2021.8.22-3) unstable; urgency=medium
* Backport upstream documentation updates.
* Update homepage location (closes: #993989).
* Update watch file.
* Update Standards-Version to 4.6.0 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 10 Oct 2021 19:59:33 +0200
ntfs-3g (1:2021.8.22-2) unstable; urgency=medium
* Upload to Sid.
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 05 Sep 2021 19:18:32 +0200
ntfs-3g (1:2021.8.22-1) experimental; urgency=high
* New upstream release (closes: #988386) fixing CVE-2021-33285,
CVE-2021-35269, CVE-2021-35268, CVE-2021-33289, CVE-2021-33286,
CVE-2021-35266, CVE-2021-33287, CVE-2021-35267, CVE-2021-39251,
CVE-2021-39252, CVE-2021-39253, CVE-2021-39254, CVE-2021-39255,
CVE-2021-39256, CVE-2021-39257, CVE-2021-39258, CVE-2021-39259,
CVE-2021-39260, CVE-2021-39261, CVE-2021-39262, CVE-2021-39263: multiple
buffer overflows.
* Library transition from libntfs-3g886 to libntfs-3g89 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Thu, 02 Sep 2021 18:10:12 +0200
ntfs-3g (1:2017.3.23AR.6-1) experimental; urgency=medium
* New upstream release.
* Library transition from libntfs-3g885 to libntfs-3g886 .
* Update debhelper level to 13 .
* Update Standards-Version to 4.5.1 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sat, 14 Aug 2021 17:04:15 +0200
ntfs-3g (1:2017.3.23AR.5-1) experimental; urgency=medium
* New upstream release.
* Library transition from libntfs-3g884 to libntfs-3g885 .
* Update Standards-Version to 4.5.0 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 12 Jun 2020 10:44:39 +0200
ntfs-3g (1:2017.3.23AR.4-1) experimental; urgency=medium
* New upstream release.
* Prevent installation of hal/fdi/policy (closes: #913281).
* Library transition from libntfs-3g883 to libntfs-3g884 .
-- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 26 Jul 2019 18:13:42 +0000
ntfs-3g (1:2017.3.23AR.3-3ubuntu5) impish; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/aug2021-security.patch: backport fixes from new
upstream version.
- CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289,
CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269,
CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254,
CVE-2021-39255, CVE-2021-39256, CVE-2021-39257, CVE-2021-39258,
CVE-2021-39259, CVE-2021-39260, CVE-2021-39261, CVE-2021-39262,
CVE-2021-39263
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 23 Aug 2021 09:10:28 -0400
# For older changelog entries, run 'apt-get changelog libntfs-3g89'
Generated by dwww version 1.14 on Thu Jan 23 03:24:24 CET 2025.