[Pkg-samba-maint] Situation of current samba security issues
Christian Perrier
bubulle at debian.org
Sat Oct 10 10:12:51 UTC 2009
Quoting Christian Perrier (bubulle at debian.org):
> Of course, this is slightly more invasive and may have side
> consequence (I'm unsure...the probability is probably low).
>
> I have a test-build currently running with that solution....but your
> solution is probably better as less invasive. I haven't checked
> whether you just replaced "EX_SYSERR" by "2" or if you did other
> changes to upstream patch.
I rebuilt with Nico's patches. New packages tested on my home server
without any harm.
Changelog:
 samba (2:3.2.5-4lenny7) stable-security; urgency=high
 .
   * Security update. Fixes the following issues:
     - CVE-2009-2813: fix information leak with misconfigured
       /etc/passwd file
     - CVE-2009-2906: remote DoS against smbd on authenticated
       connections
     - CVE-2009-2948: information disclosure by setuid mount.cifs
   * Thanks to Nico Golde for helping with upstream patch backport
     for CVE-2009-2948
Is it OK to upload this?
Would you (sec team) guys want to review the changelog entries?