[Pkg-samba-maint] Bug#700729: Bug#700729: Confirmed SWAT password change broken by CVE-2013-0213 / 0214 fix
Christian PERRIER
bubulle at debian.org
Thu Mar 7 06:23:48 UTC 2013
forwarded 700729 https://bugzilla.samba.org/show_bug.cgi?id=9668
thanks
Quoting Gaudenz Steinlin (gaudenz at debian.org):
>
> Hi
>
> I can confirm that this bug was introduced by the security fixes in
> samba/2:3.6.6-5. Downgrading to samba/2:3.6.6-4 fixes the problem. I'm
> running swat from inetd as root.
>
> I would consider this an RC bug; please increase the severity
> accordingly if you agree to get this fixed before the release.
Thanks for confirming this, Gaudenz.
I hereby link this bug report with upstream and will monitor upstream
activity on this. If a fix pops up, it will be proposed for wheezy.
Please note that upstream is seriously considering abandoning swat,
which is very loosely maintained and a potential can of security
bugs. I would encourage anyone relying on it for production use to
consider switching to another tool or utility (no idea which one, though).