<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<h3>
Salvatore Bonaccorso pushed to branch bullseye-security
at <a href="https://salsa.debian.org/samba-team/samba">Debian Samba Team / samba</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/samba-team/samba/-/commit/0dd5ef76c61a3d66c1f2dc71e81aa44c9af628d6">0dd5ef76</a></strong>
<div>
<span>by Mathieu Parent</span>
<i>at 2022-02-02T00:00:23+01:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Import Debian changes 2:4.13.13+dfsg-1~deb11u2

samba (2:4.13.13+dfsg-1~deb11u2) bullseye-security; urgency=high
..
  * This is a security release in order to address the following defects:
    - CVE-2016-2124: don't fallback to non spnego authentication if we require
      kerberos
    - MS CVE-2020-17049 in Samba: 'Bronze bit' S4U2Proxy Constrained Delegation
      bypass
    - CVE-2020-25717: A user on the domain can become root on domain members
    - CVE-2020-25718: An RODC can issue (forge) administrator tickets to other
      servers
      + Bump build-depends ldb >= 2.2.3
    - CVE-2020-25719: AD DC Username based races when no PAC is given
    - CVE-2020-25721: Kerberos acceptors need easy access to stable AD
      identifiers (eg objectSid)
    - CVE-2020-25722: AD DC UPN vs samAccountName not checked (top-level bug
      for AD DC validation issues)
    - CVE-2021-3738: crash in dsdb stack
    - CVE-2021-23192: dcerpc requests don't check all fragments against the
      first auth_state
      + Update d/samba-libs.install for libdcerpc-pkt-auth.so.0
</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#b33892fbddeffc3368077b4904ad0b3d562a7312">
VERSION
</a>
</li>
<li class="file-stats">
<a href="#7581ba244b117e3c85a6b9bfb0dbad8213d40c4b">
buildtools/wafsamba/samba_utils.py
</a>
</li>
<li class="file-stats">
<a href="#4cb7ed59a007eeb2bbbc61b9e2b2bc9fd36a88e8">
buildtools/wafsamba/wafsamba.py
</a>
</li>
<li class="file-stats">
<a href="#1ad14ffb1a17a738cb7fd9ec8d8c2b0c8949e163">
ctdb/config/ctdb.conf
</a>
</li>
<li class="file-stats">
<a href="#47f258aa9a9e3bb78e0320bd74cd712e115524e5">
ctdb/config/events/legacy/06.nfs.script
</a>
</li>
<li class="file-stats">
<a href="#70f3a9a6bc95bdfae1d73bd88db3f6fbd979789d">
ctdb/config/events/legacy/60.nfs.script
</a>
</li>
<li class="file-stats">
<a href="#692d4701486a0f4e9a68703fbd02f04a24932e61">
ctdb/config/nfs-linux-kernel-callout
</a>
</li>
<li class="file-stats">
<a href="#3f423dfb57e5e84dbcb3f498485c10e1303ab246">
ctdb/config/statd-callout
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#58ef006ab62b83b4bec5d81fe5b32c3b4c2d1cc2">
debian/control
</a>
</li>
<li class="file-stats">
<a href="#7f29d6919fb6bd362e8d574010f0f6afc581502a">
<span class="new-file">
+
debian/patches/0100-CVE-2020-25718-ldb-attrib_handler-casefold-simplify-.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#e3441c34d1890b81ebbe4075a3d921378412fa52">
<span class="new-file">
+
debian/patches/0101-CVE-2020-25718-ldb_match-trailing-chunk-must-match-e.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#b23e07435e8d9b663249735877d3991c7dd3ef86">
<span class="new-file">
+
debian/patches/0102-CVE-2020-25718-ldb-fix-ldb_comparison_fold-off-by-on.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#eb012637f482e98b96ac570b539c36352ca09f61">
<span class="new-file">
+
debian/patches/0103-CVE-2020-25718-pyldb-catch-potential-overflow-error-.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#80a6b4da95385ac0f83af52b327cdbcd691ee00a">
<span class="new-file">
+
debian/patches/0104-CVE-2020-25718-ldb_match-remove-redundant-check.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#2e58ad064a0086feaf3dac6a1a1bf9cd4bac9b89">
<span class="new-file">
+
debian/patches/0105-CVE-2020-25718-pyldb-Fix-Message.items-for-a-message.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#eaae9d2d42440990bc05276853e7a0c1920ec7d1">
<span class="new-file">
+
debian/patches/0106-CVE-2020-25718-lib-ldb-Add-missing-break-in-switch-s.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#2cb6d550408656e8f4698b5281b6100a69229255">
<span class="new-file">
+
debian/patches/0107-CVE-2020-25718-ldb.h-remove-undefined-async_ctx-func.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#14b2074a3e911b0d692033c9b8015622cd2f1b5b">
<span class="new-file">
+
debian/patches/0108-CVE-2020-25718-ldb-correct-comments-in-attrib_hander.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#2b79f6c4d3b7588141b2182abf8a39655001fcf3">
<span class="new-file">
+
debian/patches/0109-CVE-2020-25718-ldb-improve-comments-for-ldb_module_c.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#7700f624fc51ba207ce9458c376f0d8623006036">
<span class="new-file">
+
debian/patches/0110-CVE-2020-25718-pyldb-fix-a-typo.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#2a0e83030c725a5d2e3026c1c82e395ed0313e0f">
<span class="new-file">
+
debian/patches/0111-CVE-2020-25718-lib-ldb-Use-C99-initializers-for-buil.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#0a2bb7b7ecfb632db4d6b8771cf23d769b8ac5a5">
<span class="new-file">
+
debian/patches/0112-CVE-2020-25718-lib-ldb-samba-Improve-calculate_popt_.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#80f2bf4756d2b49ddeb4deda0773a3ed86e9cd85">
<span class="new-file">
+
debian/patches/0113-CVE-2020-25718-ldb_controls-control_to_string-avoids.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#717555ab556f2debf25e4694966163013bfa7fc1">
<span class="new-file">
+
debian/patches/0114-CVE-2020-25718-lib-Add-hex_byte-to-replace.h.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#7e0c1143ec26797a1681b479f351f9137687b8b4">
<span class="new-file">
+
debian/patches/0115-CVE-2020-25718-ldb-Use-hex_byte-in-ldb_binary_decode.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#48fc355c8553f31f87d6dce771a93b2a5ad7e191">
<span class="new-file">
+
debian/patches/0116-CVE-2020-25718-ldb_kv_index-fix-empty-initializer-co.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#d82ca66bd31d62d8761d25a08f20885a510de0f8">
<span class="new-file">
+
debian/patches/0117-CVE-2020-25718-ldb-version-2.2.3.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#564bc4d02db5b870a03d3870f57c4007209db6f8">
<span class="new-file">
+
debian/patches/0118-CVE-2020-25717-winbind.idl-rename-wbint_TransID.type.patch
</span>
</a>
</li>
<li class="file-stats">
<a href="#90f6084ec5fffcfd5f2e18a20c6e8cdcae06c7e0">
<span class="new-file">
+
debian/patches/0119-CVE-2020-25717-s3-passdb-use-ID_TYPE_-instead-of-WBC.patch
</span>
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">

<br>
<a href="https://salsa.debian.org/samba-team/samba/-/commit/0dd5ef76c61a3d66c1f2dc71e81aa44c9af628d6">View it on GitLab</a>.
<br>


</p>
</div>
</body>
</html>