Package "ntfs-3g"

  ntfs-3g (1:2015.3.14AR.1-1ubuntu0.3) xenial-security; urgency=medium

  * Fix LP: #1821250 - Don't install /bin/ntfs-3g as setuid root. If
    administrators want to allow unprivileged users to be able to mount NTFS
    images, they can restore this functionality by changing the permissions of
    /bin/ntfs-3g with dpkg-statoverride
    - update debian/ntfs-3g.postinst

 -- Chris Coulson <email address hidden> Thu, 21 Mar 2019 21:33:36 +0000

  ntfs-3g (1:2015.3.14AR.1-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow in /bin/ntfs-3g
    - debian/patches/0001-Fixed-reporting-an-error-when-failed-to-build-the-mo.patch:
      Fixed reporting an error when failed to build the mountpoint
    - CVE-2019-9755

 -- Chris Coulson <email address hidden> Thu, 14 Mar 2019 15:36:07 +0000

  ntfs-3g (1:2015.3.14AR.1-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Improper environment scrubbing prior to executing
    modprobe could allow a local attacker to load arbitrary kernel modules
    - debian/patches/0002-CVE-2017-0358.patch: Execute modprobe with an empty
      environment. Based on patch from upstream.
    - CVE-2017-0358

 -- Tyler Hicks <email address hidden> Fri, 27 Jan 2017 23:34:41 +0000