[Pkg-samba-maint] Bug#488688: Bug#488688: samba: regression with CVE-2008-1105: serving large files may break
Steve Langasek
vorlon at debian.org
Wed Jul 2 03:47:32 UTC 2008
On Tue, Jul 01, 2008 at 07:18:39AM +0200, Christian Perrier wrote:
> Quoting Jamie Strandboge (jamie at ubuntu.com):
> > Package: samba
> > Version: 2:3.0.30-2
> > Severity: normal
> > Tags: patch
> > User: ubuntu-devel at lists.ubuntu.com
> > Usertags: origin-ubuntu intrepid ubuntu-patch
> > In Ubuntu, we've applied the attached patch to our development and stable
> > releases to achieve the following:
> > * debian/patches/upstream_bug5517.patch: adjust cli_negprot() to properly
> > calculate buffer sizes. This bug was introduced in the fix for
> > CVE-2008-1105
> > * References
> > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/241448
> > https://bugzilla.samba.org/show_bug.cgi?id=5517
> Other maintainers (particularly Steve): do you really think we need to
> apply a patch that was obviously added upstream and will be in 3.0.31
> (due out "soon"?)
Probably not, but as this was a regression introduced in a security patch
(which we have in etch as part of 3.0.24-6etch10), we might want to
coordinate another update with the security team...
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
More information about the Pkg-samba-maint
mailing list