netatalk - Debian Package Tracker

general

source: netatalk (main)
version: 4.2.3~ds-1
maintainer: Debian Netatalk team (archive) (DMD)
uploaders: Daniel Markstedt [DMD] – Jonas Smedegaard [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.12~ds-8+deb11u1
o-o-sec: 3.1.12~ds-8+deb11u2
stable: 4.2.3~ds-1
testing: 4.2.3~ds-1
unstable: 4.2.3~ds-1

versioned links

3.1.12~ds-8+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.12~ds-8+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.3~ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

a2boot
atalkd
libatalk
libatalk-dev
macipgw
netatalk (10 bugs: 0, 9, 1, 0)
netatalk-doc
netatalk-tests
netatalk-tools
papd
timelord

action needed

A new upstream version is available: 4-3-2 high

A new upstream version 4-3-2 is available, you should consider packaging it.

Created: 2025-06-02 Last update: 2025-09-15 02:30

3 security issues in buster high

There are 3 open security issues in buster.

3 important issues:

CVE-2024-38439: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c.
CVE-2024-38440: Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).'
CVE-2024-38441: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c.

Created: 2024-06-17 Last update: 2024-06-29 19:18

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

Created: 2022-11-13 Last update: 2022-11-14 05:14

Depends on packages which need a new maintainer normal

The packages that netatalk depends on which need a new maintainer are:

db5.3 (#1055356)
- Depends: libdb5.3t64 libdb5.3t64
systemtap (#1114760)
- Build-Depends: systemtap-sdt-dev
db-defaults (#1055344)
- Build-Depends: libdb-dev

Created: 2023-09-18 Last update: 2025-09-15 03:06

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 4.2.3~ds-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit fc2acf98d7f8aa228d5f2396a33493e224d12d20
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Thu Sep 4 18:53:55 2025 +0000

    update changelog

commit 962ac31b369e2247286392126a5c742b12e84708
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Thu Sep 4 18:49:05 2025 +0000

    add patch that resolves critical bug in uam module

Created: 2025-09-04 Last update: 2025-09-10 19:35

lintian reports 45 warnings normal

Lintian reports 45 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-08-27 Last update: 2025-08-27 05:01

news

[rss feed]

[2025-06-03] netatalk 4.2.3~ds-1 MIGRATED to testing (Debian testing watch)
[2025-05-13] Accepted netatalk 4.2.3~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-04-26] netatalk 4.2.1~ds-1 MIGRATED to testing (Debian testing watch)
[2025-04-16] Accepted netatalk 4.2.1~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-04-12] Accepted netatalk 4.2.0~ds-3 (source) into unstable (Jonas Smedegaard)
[2025-04-12] Accepted netatalk 4.2.0~ds-2+exp (source) into experimental (Jonas Smedegaard)
[2025-04-08] Accepted netatalk 4.2.0~ds-2 (source) into unstable (Jonas Smedegaard)
[2025-04-06] Accepted netatalk 4.2.0~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-03-10] netatalk 4.1.2~ds-4 MIGRATED to testing (Debian testing watch)
[2025-03-08] Accepted netatalk 4.1.2~ds-4 (source) into unstable (Jonas Smedegaard)
[2025-02-25] Accepted netatalk 4.1.2~ds-3 (source) into unstable (Jonas Smedegaard)
[2025-02-24] Accepted netatalk 4.1.2~ds-2 (source) into unstable (Jonas Smedegaard)
[2025-02-15] netatalk 4.1.2~ds-1 MIGRATED to testing (Debian testing watch)
[2025-02-13] Accepted netatalk 4.1.2~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-01-28] netatalk 4.1.1~ds-1 MIGRATED to testing (Debian testing watch)
[2025-01-24] Accepted netatalk 4.1.1~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-01-16] netatalk 4.1.0~ds-1 MIGRATED to testing (Debian testing watch)
[2025-01-13] Accepted netatalk 4.1.0~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-12-20] netatalk 4.0.8~ds-1 MIGRATED to testing (Debian testing watch)
[2024-12-18] Accepted netatalk 4.0.8~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-12-08] netatalk 4.0.7~ds-2 MIGRATED to testing (Debian testing watch)
[2024-12-06] Accepted netatalk 4.0.7~ds-2 (source) into unstable (Jonas Smedegaard)
[2024-11-30] Accepted netatalk 4.0.7~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-11-27] Accepted netatalk 3.1.12~ds-8+deb11u2 (source) into oldstable-security (Thorsten Alteholz)
[2024-11-19] netatalk 4.0.6~ds-1 MIGRATED to testing (Debian testing watch)
[2024-11-16] Accepted netatalk 4.0.6~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-11-12] netatalk 4.0.5~ds-1 MIGRATED to testing (Debian testing watch)
[2024-11-10] Accepted netatalk 4.0.5~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-11-08] Accepted netatalk 4.0.4~ds-2 (source) into unstable (Jonas Smedegaard)
[2024-11-07] Accepted netatalk 4.0.4~ds-1 (source) into unstable (Jonas Smedegaard)

bugs [bug history graph]

all: 11
RC: 0
I&N: 10
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 45)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.2.3~ds-1
40 bugs