-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.3139
                        netatalk regression update
                                2 June 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           netatalk
Publisher:         Debian
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-23121  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2023/06/msg00000.html

Comment: CVSS (Max):  9.8 CVE-2022-23121 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3426-2                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
June 01, 2023                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : netatalk
Version        : 3.1.12~ds-3+deb10u2
CVE ID         : CVE-2022-23121
Debian Bug     : 1036740

The security update of netatalk,=C2=A0the Apple Filing Protocol service, 
announced as DLA-3426-1 caused a regression when the netatalk server was 
configured to use the AppleDouble v2 file system format.

For Debian 10 buster, this problem has been fixed in version
3.1.12~ds-3+deb10u2.

We recommend that you upgrade your netatalk packages.

For the detailed security status of netatalk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/netatalk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- -----BEGIN PGP SIGNATURE-----

iQKTBAABCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmR42jRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQ65RAAo+nse/INVhHE5RgrO9zhVlhQeBeXV0zr2xhOZB3ohEKk8nwLVTea28QS
nXjq4e8joKyksFMm/xGdIJ6hgldqoxZwluhK5NePGYn+DdhkTStVAYL1rqQHJ867
gu00U8JZQitJF0v/V3GWSNt7shWzsgdON5hJhgO/RrqgzPNRtMn+823fdrbR1gtT
swZDfuosftePOHsQxp0uplW2fqX6C6LXRTQyXHNJ4ARXwvqdALqsxjTTSVxtQHR+
T9tz/tItF7PKWPTzzih683aYYvVs25sVm4Sc4Ol0tHFBX1j/mEZ4zZW//cafVfhu
122SSDPknInzXSZQCThGtjR/CUbjEutDc8m8P/ZFQc4GVEZsj2mQzBNwYSWkMVP2
dXJ9GFGDf8/ggDfwUZ4Qd6oLJT4nV1jtRADxCH5EaciQ3GRQoQus/MFmj8yLPedh
cIW2ivl1gUhC6zbA7bLThv0uRZIpvHxO81iRnfovCBlWhw0HnA/xac3V9Ut6DA1u
RW4EYhFtOit4eUemKdWFzl/okhs2UpfNRWayFcJWz0eizkI3mdU64PJqNXOxewhI
JUYy00CT+dctEiqDU0DH/rTXcLIJAxHCnHTTq4llxGNmmye1t1mLw8FXt2WWFZfp
qmZQXvUVIqcokjmKRZB23TgpbH0+c2Njke435Ii2HSPMt0PGR7Y=
=kEPg
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBZHmFm8kNZI30y1K9AQjjLw//URNPxX0tAcg1YI0aDLnV7o514GTTUg7H
XLLpXomjeDps0xSU3VPqKpQ3aTIs0rUMEymnsV8btfDLXAjRrgRC0A7bhlnCIPHc
qJ+yOH5xM5ZOFm8mGs5/IcD/66K/2YxPYAySyVywlUyv5c88XckAdXzN7tj+xdeD
tzcSMNSxUwrdbVSN3bilTDm//epEhHNb/2x94quAFu7wc6dh7c9N32gtSUmGrDl2
hr9Y8qddSz0cMekNVGPvkdo/Rqc4fargBQNTmJ9GrC3t3lRQS5atcR3BtrnRfsov
T4YprX4KjM0pGFnlFaqVNIsNjCK38Awxv6TFgl65X+my2wZPOnoReUo5jUDnEma9
ta/fq80SS2ncbMylUuH9H+9hPSy3zrzg79cwrTH54VEvkW+/DJdRTBQETzDwMMsH
+z0l8+X5Cz6PoTNmbAqUTIxWpYQSmmFkuveQ1AH60gamJ+WPVN/Zl1FkoCe0ynTe
DxIDeBvPbLW/8SZizU3TKl5UE4xEPnvfRCAx77zubWmt2MNibQ3DQy2nLbPd7IFq
zSZgLwSNjIL+Ksz2r2zH5Mp89IiNsI+W7JrR8GMH60bOxkl4mIs5OWK4i8XvIxu8
vkhqUv/KpEutmC7YBOCp6E2UoAoOCgsEhJaeCC6FlSzaXlvJqb8QtFUJTruTY0sx
iq77D+8gQqc=
=PgSg
-----END PGP SIGNATURE-----