[Pkg-samba-maint] What is blocking the security releases of Samba?
abartlet at samba.org
Thu Dec 31 10:05:27 UTC 2015
The major Samba security release in December still hasn't hit Debian.
The remote memory read issue in LDB (via the AD DC LDAP server) is
What are we blocked on?
o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
o CVE-2015-3223 (Denial of service in Samba Active Directory
o CVE-2015-5252 (Insufficient symlink verification in smbd)
o CVE-2015-5299 (Missing access control check in shadow copy
o CVE-2015-5296 (Samba client requesting encryption vulnerable
to downgrade attack)
o CVE-2015-8467 (Denial of service attack against Windows
Active Directory server)
o CVE-2015-5330 (Remote memory read in Samba LDAP server)
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the Pkg-samba-maint