All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/ntfs-3g: security bump to version 2022.10.3
@ 2022-11-12 21:36 Fabrice Fontaine
  2022-11-13 21:17 ` Thomas Petazzoni via buildroot
  2022-11-15 13:20 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-11-12 21:36 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine

Fix CVE-2022-40284: A buffer overflow was discovered in NTFS-3G before
2022.10.3. Crafted metadata in an NTFS image can cause code execution. A
local attacker can exploit this if the ntfs-3g binary is setuid root. A
physically proximate attacker can exploit this if NTFS-3G software is
configured to execute upon attachment of an external storage device.

https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-v4w8-jv3w-7prm
https://github.com/tuxera/ntfs-3g/releases/tag/2022.10.3

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/ntfs-3g/ntfs-3g.hash | 2 +-
 package/ntfs-3g/ntfs-3g.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/ntfs-3g/ntfs-3g.hash b/package/ntfs-3g/ntfs-3g.hash
index 89bce73559..3fcba6af4d 100644
--- a/package/ntfs-3g/ntfs-3g.hash
+++ b/package/ntfs-3g/ntfs-3g.hash
@@ -1,4 +1,4 @@
 # Locally calculated
-sha256  0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93  ntfs-3g_ntfsprogs-2022.5.17.tgz
+sha256  f20e36ee68074b845e3629e6bced4706ad053804cbaf062fbae60738f854170c  ntfs-3g_ntfsprogs-2022.10.3.tgz
 sha256  231f7edcc7352d7734a96eef0b8030f77982678c516876fcb81e25b32d68564c  COPYING
 sha256  d7bf9d064ac3e5840f9dd02422b7eeec4f1fd03f37fadbd043602be5e882304f  COPYING.LIB
diff --git a/package/ntfs-3g/ntfs-3g.mk b/package/ntfs-3g/ntfs-3g.mk
index 64800c5eeb..62c515d50f 100644
--- a/package/ntfs-3g/ntfs-3g.mk
+++ b/package/ntfs-3g/ntfs-3g.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-NTFS_3G_VERSION = 2022.5.17
+NTFS_3G_VERSION = 2022.10.3
 NTFS_3G_SOURCE = ntfs-3g_ntfsprogs-$(NTFS_3G_VERSION).tgz
 NTFS_3G_SITE = http://tuxera.com/opensource
 NTFS_3G_CONF_OPTS = --disable-ldconfig
-- 
2.35.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/ntfs-3g: security bump to version 2022.10.3
  2022-11-12 21:36 [Buildroot] [PATCH 1/1] package/ntfs-3g: security bump to version 2022.10.3 Fabrice Fontaine
@ 2022-11-13 21:17 ` Thomas Petazzoni via buildroot
  2022-11-15 13:20 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-11-13 21:17 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

On Sat, 12 Nov 2022 22:36:55 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> Fix CVE-2022-40284: A buffer overflow was discovered in NTFS-3G before
> 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A
> local attacker can exploit this if the ntfs-3g binary is setuid root. A
> physically proximate attacker can exploit this if NTFS-3G software is
> configured to execute upon attachment of an external storage device.
> 
> https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-v4w8-jv3w-7prm
> https://github.com/tuxera/ntfs-3g/releases/tag/2022.10.3
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/ntfs-3g/ntfs-3g.hash | 2 +-
>  package/ntfs-3g/ntfs-3g.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/ntfs-3g: security bump to version 2022.10.3
  2022-11-12 21:36 [Buildroot] [PATCH 1/1] package/ntfs-3g: security bump to version 2022.10.3 Fabrice Fontaine
  2022-11-13 21:17 ` Thomas Petazzoni via buildroot
@ 2022-11-15 13:20 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-11-15 13:20 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2022-40284: A buffer overflow was discovered in NTFS-3G before
 > 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A
 > local attacker can exploit this if the ntfs-3g binary is setuid root. A
 > physically proximate attacker can exploit this if NTFS-3G software is
 > configured to execute upon attachment of an external storage device.

 > https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-v4w8-jv3w-7prm
 > https://github.com/tuxera/ntfs-3g/releases/tag/2022.10.3

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.08.x and 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-11-15 13:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-12 21:36 [Buildroot] [PATCH 1/1] package/ntfs-3g: security bump to version 2022.10.3 Fabrice Fontaine
2022-11-13 21:17 ` Thomas Petazzoni via buildroot
2022-11-15 13:20 ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.