[Pkg-samba-maint] What is blocking the security releases of Samba?

Jelmer Vernooij jelmer at jelmer.uk
Thu Dec 31 14:24:42 UTC 2015

On Thu, Dec 31, 2015 at 11:05:27PM +1300, Andrew Bartlett wrote:
> The major Samba security release in December still hasn't hit Debian. 
> The remote memory read issue in LDB (via the AD DC LDAP server) is
> quite serious. 
> What are we blocked on?
> o  CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
> o  CVE-2015-3223 (Denial of service in Samba Active Directory
>                   server)
> o  CVE-2015-5252 (Insufficient symlink verification in smbd)
> o  CVE-2015-5299 (Missing access control check in shadow copy
>                   code)
> o  CVE-2015-5296 (Samba client requesting encryption vulnerable
>                   to downgrade attack)
> o  CVE-2015-8467 (Denial of service attack against Windows
>                   Active Directory server)
> o  CVE-2015-5330 (Remote memory read in Samba LDAP server)

ldb and samba packages have been uploaded to the jessie-security queue. I think
they're still building. Salvatore from the security team is uploading
packages to wheezy.



More information about the Pkg-samba-maint mailing list