[Pkg-samba-maint] What is blocking the security releases of Samba?
Jelmer Vernooij
jelmer at jelmer.uk
Thu Dec 31 14:24:42 UTC 2015
On Thu, Dec 31, 2015 at 11:05:27PM +1300, Andrew Bartlett wrote:
> The major Samba security release in December still hasn't hit Debian.
>
> The remote memory read issue in LDB (via the AD DC LDAP server) is
> quite serious.
>
> What are we blocked on?
>
> o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
> o CVE-2015-3223 (Denial of service in Samba Active Directory server)
> o CVE-2015-5252 (Insufficient symlink verification in smbd)
> o CVE-2015-5299 (Missing access control check in shadow copy code)
> o CVE-2015-5296 (Samba client requesting encryption vulnerable to downgrade attack)
> o CVE-2015-8467 (Denial of service attack against Windows Active Directory server)
> o CVE-2015-5330 (Remote memory read in Samba LDAP server)

ldb and samba packages have been uploaded to the jessie-security queue. I think
they're still building. Salvatore from the security team is uploading
packages to wheezy.

Cheers,

Jelmer