This bug was fixed in the package netatalk - 2.0.4~beta2-4.1ubuntu1

---------------
netatalk (2.0.4~beta2-4.1ubuntu1) jaunty; urgency=low

  * Merge from Debian unstable. Remaining Ubuntu changes: LP: #318665
    - Changed dependency from libdb-dev to libdb4.6-dev to correct FTBFS
      due to an issue caused by mismatches on installed binaries and
      development headers (db4.7 is installed under a different soname
      which breaks a check in netatalk) (LP: #262991)
    - debian/control:
      + Replace libltdl3-dev with libltdl7-dev.
      + Recommend db4.6-util instead of db4.2-util as we build netatalk
        with db4.6.

netatalk (2.0.4~beta2-4.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix incomplete upstream patch for CVE-2008-5718 by escaping every
    problematic character and not only those which enables an attacker
    to execute arbitrary code (213_CVE-2008-5718.patch; Closes: #510585).

netatalk (2.0.4~beta2-4) unstable; urgency=high

  * Rebuild for unstable branch.

netatalk (2.0.4~beta2-3) UNRELEASED; urgency=high

  * Update debian/copyrights:
    + Merge entries with same owners and license (only differing years)
    + Consistently list years before owner
    + Sort owners
    + Explicitly include GAP licenses (wording vary slightly)
    + Fix GPL-2+ licensed files wrongly registered as GAP
  * Keep urgency=high as 2.0.4~beta2-2 changes are still pending.

netatalk (2.0.4~beta2-2) unstable; urgency=high

  * Always use gcrypt. Simplify optional openssl support.
  * Readd and update OpenSSL section to README.Debian, and improve NEWS
    entry to clarify that Randnum UAM is no longer provided by default.
  * Add patches 001-005 (but avoid applying some of them) to sync with
    upstream development, fixing the following issues:
    + remove bogus default ppd _PATH_PAPDPPDFILE
    + remove signed/unsigned gcc warning
    + better handling of bogus ppd files
    + Remove ucb includes from Netatalk (i.e. drop SunOS 4.x support)
    + Fix off-by-one error in PPD file processing
    + Fix dhx2 logincont packet size
  * Update copyright hints (no new owners or licenses).
  * Explicitly build-depend on libdb4.2-dev (not libdb-dev).
  * Mention MacOS X 10.5.x group ACL workaround in README.Debian.
    Closes: bug#458174, thanks to Tim Miller Dyck.
  * Set urgency=high due to possible security implications in above, and
    due to accidentally linking against BerkeleyDB 4.6 in prior release.

netatalk (2.0.4~beta2-1) unstable; urgency=high

  * New upstream prerelease:
    + Quote chars in papd popen variables expansion (and other fixes to
      papd). Fixes remote execution security hole CVE-2008-5718.
      Closes: bug#510585.
  * Mangle upstream tarball beta version.
  * Drop patches 000 and 001 contained upstream now.
  * Unfuzz patches 107, 109, 205 and 212.
  * Unfuzz and enable patches 204a, 207a, 208, 209 and 211.
  * Build new DHX2 UAM:
    + Build-depend on libgcrypt11-dev
    + Configure with --with-libgcrypt
    + Drop SSL note from README.Debian
    + Add NEWS entry regarding new and recommended DHX2 UAM
  * Disable CDBS autotools reconfiguration.
  * Update cdbs snippets:
    + Move dependency cleanup to new local snippet package-relations.mk.
    + Update copyright-check output to more closely match proposed new
      copyright file format.
    + Several minor improvements to upstream-tarball.mk.
    + Compact simple licenses (those without ' or later') in
      copyright-check.mk
    + Fix use underscore (not dash) in internal variable
    + Ignore only debian changelog and copyright-related files by
      default in copyright-check.mk
    + Correct and update copyright hints of the snippets themselves
    + Update README.cdbs-tweaks.
  * Add DEB_MAINTAINER_MODE in debian/rules (thanks to Romain Beauxis).
  * Stop installing README.ids no longer provided upstream.
  * Rewrite debian/copyright using new new format specification, and
    update copyright hints.
  * Semi-auto-update debian/control to update dependencies:
      DEB_MAINTAINER_MODE=1 fakeroot debian/rules clean
  * Set urgency=high due to security fix.

 -- Bhavani Shankar