Bug 280046

Summary: net/netatalk3: 3.2.0 contains vulnerability
Product: Ports & Packages Reporter: Dutchman01 <dutchman01>
Component: Individual Port(s)Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED    
Severity: Affects Many People CC: fernape, marcus, ports-secteam
Priority: --- Flags: fernape: maintainer-feedback? (marcus)
Version: Latest   
Hardware: Any   
OS: Any   

Description Dutchman01 2024-06-29 10:37:08 UTC 
Upgrade to 3.2.1 is asap needed.

see: https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-2-1

This release includes a patch for security vulnerabilities CVE-2024-38439, CVE-2024-38440, and CVE-2024-38441. Users of the 3.x release series are encouraged to update their servers to this version.

dutchman01
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-06-30 17:51:23 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c999b147633b20e0f23315598c5c4e1d4452c201

commit c999b147633b20e0f23315598c5c4e1d4452c201
Author:     Fernando ApesteguĂ­a <fernape@FreeBSD.org>
AuthorDate: 2024-06-30 17:42:51 +0000
Commit:     Fernando ApesteguĂ­a <fernape@FreeBSD.org>
CommitDate: 2024-06-30 17:42:51 +0000

    security/vuxml: add net/netatalk3 vulnerabilities

     * CVE-2024-38439
     * CVE-2024-38440
     * CVE-2024-38441

     NVD assessments not yet provided.

    PR:             280046
    Reported by:    Dutchman01 <dutchman01@quicknet.nl>

 security/vuxml/vuln/2024.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
Comment 2 Joe Marcus Clarke freebsd_committer freebsd_triage 2024-07-01 11:38:43 UTC 
Netatalk has been updated to 3.2.1.