Merge nbd from Debian unstable for kinetic
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nbd (Ubuntu) |
Fix Released
|
Undecided
|
Athos Ribeiro |
Bug Description
Upstream: tbd
Debian: 1:3.24-1
Ubuntu: 1:3.23-3ubuntu1
### New Debian Changes ###
nbd (1:3.24-1) unstable; urgency=medium
* New upstream release.
- CVE-2022-26495: Disallow name lenghts of (unsigned int)-1, by
constraining the length to 4096 bytes
- CVE-2022-26496: Fix buffer overflow in NBD_OPT_
handling.
- These security are tracked in the Debian BTS; Closes: #1006915.
- nbd-server transaction logs can now optionally also log data
- New binary: nbd-trplay, to replay (to an image) a transaction log.
-- Wouter Verhelst <email address hidden> Tue, 08 Mar 2022 10:02:56 +0200
nbd (1:3.23-3) unstable; urgency=medium
* debian/control: also add bison and flex
* debian/rules: override dh_autoreconf with a call to ./autogen.sh, so
that things actually work.
-- Wouter Verhelst <email address hidden> Wed, 24 Nov 2021 15:45:33 +0200
nbd (1:3.23-2) unstable; urgency=medium
* debian/control: add autoconf-archive to build-depends
-- Wouter Verhelst <email address hidden> Mon, 22 Nov 2021 11:11:34 +0200
nbd (1:3.23-1) unstable; urgency=medium
* New upstream release
- Fixes hostname resolving issues; closes: #996487.
-- Wouter Verhelst <email address hidden> Sun, 21 Nov 2021 18:13:36 +0200
nbd (1:3.22-1) unstable; urgency=medium
[ Debian Janitor ]
* Trim trailing whitespace.
* Add missing ${misc:Depends} to Depends for nbd-client-udeb.
* Bump debhelper from old 9 to 12.
* Set debhelper-compat version in Build-Depends.
* Replace XC-Package-Type with Package-Type.
[ Wouter Verhelst ]
* New upstream release
-- Wouter Verhelst <email address hidden> Mon, 04 Oct 2021 14:34:34 +0200
nbd (1:3.21-1) unstable; urgency=medium
* New upstream release.
-- Wouter Verhelst <email address hidden> Mon, 18 Jan 2021 20:51:42 +0200
nbd (1:3.20-1) unstable; urgency=medium
* New upstream release
-- Wouter Verhelst <email address hidden> Mon, 16 Sep 2019 09:05:42 +0200
nbd (1:3.19-3) unstable; urgency=medium
* debian/control: add docbook-utils to build-depends. This shouldn't
strictly be necessary, but it's the quickest fix that allows the
package to build again... Closes: #922383
-- Wouter Verhelst <email address hidden> Sun, 17 Feb 2019 10:51:59 +0200
nbd (1:3.19-2) unstable; urgency=medium
* Don't remove nonexisting files...
-- Wouter Verhelst <email address hidden> Fri, 15 Feb 2019 06:25:31 +0100
nbd (1:3.19-1) unstable; urgency=medium
* New upstream release
* Document the fact that we're using template units. Closes: #908977.
[ Jelmer Vernooij ]
* debian/
unknown-
-- Wouter Verhelst <email address hidden> Thu, 14 Feb 2019 14:06:59 +0100
nbd (1:3.18-1) unstable; urgency=medium
* New upstream release
* debian/control: update Vcs-* package fields to point to salsa, not
alioth.
* debian/control: bump Standards-Version to 4.1.3 (no relevant changes)
* debian/control: limit the libnl-genl-dev dependency to linux-any
(since nbd-client isn't built on !linux)
-- Wouter Verhelst <email address hidden> Sat, 18 Aug 2018 17:19:50 +0200
nbd (1:3.17-2) unstable; urgency=medium
* Add missing build-dependency on libnl-genl-dev
-- Wouter Verhelst <email address hidden> Sat, 17 Mar 2018 22:48:11 +0100
### Old Ubuntu Delta ###
nbd (1:3.23-3ubuntu1) jammy; urgency=medium
* SECURITY UPDATE: heap overflow via long name length
- nbd-server.c: limit the size of a name length.
- 4e5c5d2ed71cc9c
- CVE-2022-26495
* SECURITY UPDATE: buffer overflow in NBD_OPT_
- nbd-server.c: use consume function instead of socket_read.
- 3740ff7fc9c3847
- CVE-2022-26496
-- Marc Deslauriers <email address hidden> Thu, 10 Mar 2022 09:08:15 -0500
CVE References
Changed in nbd (Ubuntu): | |
milestone: | none → ubuntu-22.05 |
The current delta contains two security fixes, which are included in the new Debian unstable version of the package, as stated in d/changelog and as verified in
https:/ /salsa. debian. org/wouter/ nbd/-/commit/ d88ff98b5f314fa 52049e98ae56b2e c0b7f9c8b7# d8b58112d12c353 16db0278cb2a275 3729d77d53_ 2116_2180
Therefore, this can be a sync instead.