[Pkg-samba-maint] Bug#488688: Bug#488688: samba: regression with CVE-2008-1105: serving large files may break

Christian Perrier bubulle at debian.org
Tue Jul 1 05:18:39 UTC 2008

Quoting Jamie Strandboge (jamie at ubuntu.com):
> Package: samba
> Version: 2:3.0.30-2
> Severity: normal
> Tags: patch
> User: ubuntu-devel at lists.ubuntu.com
> Usertags: origin-ubuntu intrepid ubuntu-patch
> In Ubuntu, we've applied the attached patch to our development and stable
> releases to achieve the following:
>   * debian/patches/upstream_bug5517.patch: adjust cli_negprot() to properly
>     calculate buffer sizes. This bug was introduced in the fix for
>     CVE-2008-1105
>   * References
>     https://bugs.launchpad.net/ubuntu/+source/samba/+bug/241448
>     https://bugzilla.samba.org/show_bug.cgi?id=5517

Other maintainers (particularly Steve): do you really think we need to
apply a patch that was obviously added upstream and will be in 3.0.31
(due out "soon"?)

I'm not entirely convinced as it would mean we should adopt all
patches used upstream which basically means releasing versions before
them (extra work, etc.).
