[Pkg-samba-maint] Situation of current samba security issues

Nico Golde nico at ngolde.de
Sat Oct 10 16:52:49 UTC 2009


* Christian Perrier <bubulle at debian.org> [2009-10-10 15:28]:
> Quoting Christian Perrier (bubulle at debian.org):
> 
> > Of course, this is slightly more invasive and may have side
> > consequences (I'm unsure...the probability is probably low).
> > 
> > I have a test-build currently running with that solution....but your
> > solution is probably better as less invasive. I haven't checked
> > whether you just replaced "EX_SYSERR" by "2" or if you did other
> > changes to upstream patch.

I looked up what EX_SYSERR is and use it directly. 
samba-3.2.14-CVE-2009-2906.patch needed some small backports as well btw.

> I rebuilt with Nico's patches. New packages tested on my home server
> without any harm.

Great

> Changelog:
> 
>  samba (2:3.2.5-4lenny7) stable-security; urgency=high
>  .
>    * Security update. Fixes the following issues:
>      - CVE-2009-2813: fix information leak with misconfigured
>                       /etc/passwd file
>      - CVE-2009-2906: remote DoS against smbd on authenticated
>                       connections
>      - CVE-2009-2948: information disclosure by setuid mount.cifs
>    * Thanks to Nico Golde for helping with upstream patch backport
>      for CVE-2009-2948
> 
> Is it OK to upload this?
> 
> Would you (sec team) guys want to review the changelog entries?

If these are the only changes and the debdiff is ok please go ahead. I'll 
write the advisory.

What about etch btw?

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.