Commit cda35814 authored by Ben Hutchings's avatar Ben Hutchings

ntfs: Mark it as broken, and add CVE IDs that are being closed

parent becaca2c
...@@ -809,6 +809,7 @@ linux (4.19.34-1) UNRELEASED; urgency=medium ...@@ -809,6 +809,7 @@ linux (4.19.34-1) UNRELEASED; urgency=medium
* [armel/marvell,sh4] linux-image: Recommend apparmor, like all other configs * [armel/marvell,sh4] linux-image: Recommend apparmor, like all other configs
* udeb: Drop unused ntfs-modules packages * udeb: Drop unused ntfs-modules packages
* ntfs: Disable NTFS_FS due to lack of upstream security support * ntfs: Disable NTFS_FS due to lack of upstream security support
(CVE-2018-12929, CVE-2018-12930, CVE-2018-12931)
[ YunQiang Su ] [ YunQiang Su ]
* [mips*r6] Re-enable CONFIG_JUMP_LABEL, which has been fixed in upstream. * [mips*r6] Re-enable CONFIG_JUMP_LABEL, which has been fixed in upstream.
......
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 25 Apr 2019 15:31:33 +0100
Subject: ntfs: mark it as broken
NTFS has unfixed issues CVE-2018-12929, CVE-2018-12930, and
CVE-2018-12931. ntfs-3g is a better supported alternative.
Make sure it can't be enabled even in custom kernels.
---
--- a/fs/ntfs/Kconfig
+++ b/fs/ntfs/Kconfig
@@ -1,5 +1,6 @@
config NTFS_FS
tristate "NTFS file system support"
+ depends on BROKEN
select NLS
help
NTFS is the file system of Microsoft Windows NT, 2000, XP and 2003.
...@@ -147,6 +147,7 @@ features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.pat ...@@ -147,6 +147,7 @@ features/all/lockdown/lockdown-refer-to-debian-wiki-until-manual-page-exists.pat
# Security fixes # Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch bugfix/all/xen-pciback-Don-t-disable-PCI_COMMAND-on-PCI-device-.patch
debian/ntfs-mark-it-as-broken.patch
# Fix exported symbol versions # Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch bugfix/all/module-disable-matching-missing-version-crc.patch
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment