[Pkg-samba-maint] Bug#483410: CVE-2008-1105: Boundary failure when parsing SMB responses can result in a buffer overrun

Florian Weimer fw at deneb.enyo.de
Wed May 28 18:35:46 UTC 2008


* Christian Perrier:

> To security team: as I said, I'm unsure that I'll be able to work on
> packages for etch. I'll at least try building with that patch. As
> usual, I may need guidance to upload to the right place if you're OK
> for us to upload for etch.

You should prepare an upload with distribution stable-security, urgency
high, and upload it to:

  <ftp://security-master.debian.org/pub/SecurityUploadQueue>

I could do that for you.  The problem is regression testing, which I can
do only to an extremely limited extent.

> What about sarge? It is affected as well (samba is 3.0.14 there) but is it
> still officially supported wrt security updates?

sarge is officially out of support.





More information about the Pkg-samba-maint mailing list