[Pkg-samba-maint] r3075 - trunk/samba/debian
bubulle at alioth.debian.org
bubulle at alioth.debian.org
Sun Oct 4 05:26:41 UTC 2009
Author: bubulle
Date: 2009-10-04 05:26:41 +0000 (Sun, 04 Oct 2009)
New Revision: 3075
Modified:
trunk/samba/debian/changelog
Log:
Release 2:3.4.2-1
Modified: trunk/samba/debian/changelog
===================================================================
--- trunk/samba/debian/changelog 2009-10-02 21:04:00 UTC (rev 3074)
+++ trunk/samba/debian/changelog 2009-10-04 05:26:41 UTC (rev 3075)
@@ -1,3 +1,22 @@
+samba (2:3.4.2-1) unstable; urgency=high
+
+ * New upstream release. Security update.
+ * CVE-2009-2813:
+ Connecting to the home share of a user will use the root of the
+ filesystem as the home directory if this user is misconfigured to
+ have an empty home directory in /etc/passwd.
+ * CVE-2009-2948:
+ If mount.cifs is installed as a setuid program, a user can pass it
+ a credential or password path to which he or she does not have
+ access and then use the --verbose option to view the first line of
+ that file.
+ * CVE-2009-2906:
+ Specially crafted SMB requests on authenticated SMB connections
+ can send smbd into a 100% CPU loop, causing a DoS on the Samba
+ server.
+
+ -- Christian Perrier <bubulle at debian.org> Sat, 03 Oct 2009 08:30:33 +0200
+
samba (2:3.4.1-2) unstable; urgency=low
* ./configure --disable-avahi, to avoid accidentally picking up an avahi
More information about the Pkg-samba-maint
mailing list