[Pkg-samba-maint] What is blocking the security releases of Samba?

Andrew Bartlett abartlet at samba.org
Thu Dec 31 10:05:27 UTC 2015

The major Samba security release in December still hasn't hit Debian. 

The remote memory read issue in LDB (via the AD DC LDAP server) is
quite serious. 

What are we blocked on?

o  CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
o  CVE-2015-3223 (Denial of service in Samba Active Directory
o  CVE-2015-5252 (Insufficient symlink verification in smbd)
o  CVE-2015-5299 (Missing access control check in shadow copy
o  CVE-2015-5296 (Samba client requesting encryption vulnerable
                  to downgrade attack)
o  CVE-2015-8467 (Denial of service attack against Windows
                  Active Directory server)
o  CVE-2015-5330 (Remote memory read in Samba LDAP server)


Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the Pkg-samba-maint mailing list