[Pkg-samba-maint] Bug#488688: Bug#488688: samba: regression with CVE-2008-1105: serving large files may break

Steve Langasek vorlon at debian.org
Wed Jul 2 03:47:32 UTC 2008

On Tue, Jul 01, 2008 at 07:18:39AM +0200, Christian Perrier wrote:
> Quoting Jamie Strandboge (jamie at ubuntu.com):
> > Package: samba
> > Version: 2:3.0.30-2
> > Severity: normal
> > Tags: patch
> > User: ubuntu-devel at lists.ubuntu.com
> > Usertags: origin-ubuntu intrepid ubuntu-patch

> > In Ubuntu, we've applied the attached patch to our development and stable
> > releases to achieve the following:

> >   * debian/patches/upstream_bug5517.patch: adjust cli_negprot() to properly
> >     calculate buffer sizes. This bug was introduced in the fix for
> >     CVE-2008-1105
> >   * References
> >     https://bugs.launchpad.net/ubuntu/+source/samba/+bug/241448
> >     https://bugzilla.samba.org/show_bug.cgi?id=5517

> Other maintainers (particularly Steve): do you really think we need to
> apply a patch that was obviously added upstream and will be in 3.0.31
> (due out "soon"?)

Probably not, but as this was a regression introduced in a security patch
(which we have in etch as part of 3.0.24-6etch10), we might want to
coordinate another update with the security team...

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
