netatalk - Debian Package Tracker

general

source: netatalk (main)
version: 4.4.2~ds-1
maintainer: Debian Netatalk team (archive) (DMD)
uploaders: Jonas Smedegaard [DMD] – Daniel Markstedt [DMD] [DM]
arch: all any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.12~ds-8+deb11u1
o-o-sec: 3.1.12~ds-8+deb11u2
stable: 4.2.3~ds-1+deb13u1
stable-sec: 4.2.3~ds-1+deb13u2
testing: 4.4.2~ds-1
unstable: 4.4.2~ds-1

versioned links

3.1.12~ds-8+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.12~ds-8+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.3~ds-1+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.3~ds-1+deb13u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.4.2~ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

a2boot
atalkd
libatalk
libatalk-dev
macipgw
netatalk (10 bugs: 0, 9, 1, 0)
netatalk-doc
netatalk-tests
netatalk-tools
papd
timelord

action needed

Marked for autoremoval on 16 June due to cmark-gfm: #1112797, #1125525 high

Version 4.4.2~ds-1 of netatalk is marked for autoremoval from testing on Tue 16 Jun 2026. It depends (transitively) on cmark-gfm, affected by #1112797, #1125525. You should try to prevent the removal by fixing these RC bugs.

Created: 2026-05-17 Last update: 2026-05-19 09:00

27 security issues in sid high

There are 27 open security issues in sid.

27 important issues:

CVE-2026-44047:
CVE-2026-44048:
CVE-2026-44049:
CVE-2026-44050:
CVE-2026-44051:
CVE-2026-44052:
CVE-2026-44053:
CVE-2026-44054:
CVE-2026-44055:
CVE-2026-44056:
CVE-2026-44057:
CVE-2026-44058:
CVE-2026-44060:
CVE-2026-44061:
CVE-2026-44062:
CVE-2026-44063:
CVE-2026-44064:
CVE-2026-44065:
CVE-2026-44066:
CVE-2026-44067:
CVE-2026-44068:
CVE-2026-44076:
CVE-2026-45354:
CVE-2026-45355:
CVE-2026-45356:
CVE-2026-45698:
CVE-2026-45699:

Created: 2026-05-14 Last update: 2026-05-18 22:01

27 security issues in forky high

There are 27 open security issues in forky.

27 important issues:

CVE-2026-44047:
CVE-2026-44048:
CVE-2026-44049:
CVE-2026-44050:
CVE-2026-44051:
CVE-2026-44052:
CVE-2026-44053:
CVE-2026-44054:
CVE-2026-44055:
CVE-2026-44056:
CVE-2026-44057:
CVE-2026-44058:
CVE-2026-44060:
CVE-2026-44061:
CVE-2026-44062:
CVE-2026-44063:
CVE-2026-44064:
CVE-2026-44065:
CVE-2026-44066:
CVE-2026-44067:
CVE-2026-44068:
CVE-2026-44076:
CVE-2026-45354:
CVE-2026-45355:
CVE-2026-45356:
CVE-2026-45698:
CVE-2026-45699:

Created: 2026-05-14 Last update: 2026-05-18 22:01

27 security issues in bullseye high

There are 27 open security issues in bullseye.

27 important issues:

CVE-2026-44047:
CVE-2026-44048:
CVE-2026-44049:
CVE-2026-44050:
CVE-2026-44051:
CVE-2026-44052:
CVE-2026-44053:
CVE-2026-44054:
CVE-2026-44055:
CVE-2026-44056:
CVE-2026-44057:
CVE-2026-44058:
CVE-2026-44060:
CVE-2026-44061:
CVE-2026-44062:
CVE-2026-44063:
CVE-2026-44064:
CVE-2026-44065:
CVE-2026-44066:
CVE-2026-44067:
CVE-2026-44068:
CVE-2026-44076:
CVE-2026-45354:
CVE-2026-45355:
CVE-2026-45356:
CVE-2026-45698:
CVE-2026-45699:

Created: 2026-05-14 Last update: 2026-05-18 22:01

3 security issues in buster high

There are 3 open security issues in buster.

3 important issues:

CVE-2024-38439: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c.
CVE-2024-38440: Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).'
CVE-2024-38441: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c.

Created: 2024-06-17 Last update: 2024-06-29 19:18

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

Created: 2022-11-13 Last update: 2022-11-14 05:14

Depends on packages which need a new maintainer normal

The packages that netatalk depends on which need a new maintainer are:

db5.3 (#1055356)
- Depends: libdb5.3t64 libdb5.3t64
systemtap (#1114760)
- Build-Depends: systemtap-sdt-dev
db-defaults (#1055344)
- Build-Depends: libdb-dev

Created: 2023-09-18 Last update: 2026-05-19 09:00

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-11-15 Last update: 2026-05-19 05:00

lintian reports 84 warnings normal

Lintian reports 84 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-04-22 Last update: 2026-04-22 09:00

7 low-priority security issues in trixie low

There are 7 open security issues in trixie.

7 issues left for the package maintainer to handle:

CVE-2026-44053: (postponed; to be fixed through a stable update)
CVE-2026-44056: (postponed; to be fixed through a stable update)
CVE-2026-44058: (postponed; to be fixed through a stable update)
CVE-2026-44061: (postponed; to be fixed through a stable update)
CVE-2026-44063: (postponed; to be fixed through a stable update)
CVE-2026-44065: (postponed; to be fixed through a stable update)
CVE-2026-44067: (postponed; to be fixed through a stable update)

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-05-14 Last update: 2026-05-18 22:01

news

[rss feed]

[2026-05-18] Accepted netatalk 4.2.3~ds-1+deb13u2 (source) into stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2026-04-24] netatalk 4.4.2~ds-1 MIGRATED to testing (Debian testing watch)
[2026-04-22] Accepted netatalk 4.4.2~ds-1 (source) into unstable (Daniel Markstedt)
[2026-04-15] netatalk 4.4.1~ds-1 MIGRATED to testing (Debian testing watch)
[2026-04-12] Accepted netatalk 4.4.1~ds-1 (source) into unstable (Daniel Markstedt)
[2026-03-28] Accepted netatalk 4.2.3~ds-1+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Daniel Markstedt)
[2025-12-19] netatalk 4.2.3~ds-2.1 MIGRATED to testing (Debian testing watch)
[2025-12-17] Accepted netatalk 4.2.3~ds-2.1 (source) into unstable (Adrian Bunk)
[2025-10-08] netatalk 4.2.3~ds-2 MIGRATED to testing (Debian testing watch)
[2025-10-05] Accepted netatalk 4.2.3~ds-2 (source) into unstable (Jonas Smedegaard)
[2025-06-03] netatalk 4.2.3~ds-1 MIGRATED to testing (Debian testing watch)
[2025-05-13] Accepted netatalk 4.2.3~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-04-26] netatalk 4.2.1~ds-1 MIGRATED to testing (Debian testing watch)
[2025-04-16] Accepted netatalk 4.2.1~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-04-12] Accepted netatalk 4.2.0~ds-3 (source) into unstable (Jonas Smedegaard)
[2025-04-12] Accepted netatalk 4.2.0~ds-2+exp (source) into experimental (Jonas Smedegaard)
[2025-04-08] Accepted netatalk 4.2.0~ds-2 (source) into unstable (Jonas Smedegaard)
[2025-04-06] Accepted netatalk 4.2.0~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-03-10] netatalk 4.1.2~ds-4 MIGRATED to testing (Debian testing watch)
[2025-03-08] Accepted netatalk 4.1.2~ds-4 (source) into unstable (Jonas Smedegaard)
[2025-02-25] Accepted netatalk 4.1.2~ds-3 (source) into unstable (Jonas Smedegaard)
[2025-02-24] Accepted netatalk 4.1.2~ds-2 (source) into unstable (Jonas Smedegaard)
[2025-02-15] netatalk 4.1.2~ds-1 MIGRATED to testing (Debian testing watch)
[2025-02-13] Accepted netatalk 4.1.2~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-01-28] netatalk 4.1.1~ds-1 MIGRATED to testing (Debian testing watch)
[2025-01-24] Accepted netatalk 4.1.1~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-01-16] netatalk 4.1.0~ds-1 MIGRATED to testing (Debian testing watch)
[2025-01-13] Accepted netatalk 4.1.0~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-12-20] netatalk 4.0.8~ds-1 MIGRATED to testing (Debian testing watch)
[2024-12-18] Accepted netatalk 4.0.8~ds-1 (source) into unstable (Jonas Smedegaard)

bugs [bug history graph]

all: 10
RC: 0
I&N: 9
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 84)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.2.3~ds-2.1
40 bugs