[Pkg-samba-maint] What is blocking the security releases of Samba?

Jelmer Vernooij jelmer at jelmer.uk
Sat Jan 2 16:03:12 UTC 2016


These updates won't help Ubuntu, I think. They have their own procedures.

I'm not sure what the status on the Ubuntu side is. You would probably want to check with the Ubuntu security team.

Jelmer

On 31 December 2015 8:33:55 PM GMT+01:00, Andrew Bartlett <abartlet at samba.org> wrote:
>On Thu, 2015-12-31 at 14:24 +0000, Jelmer Vernooij wrote:
>> On Thu, Dec 31, 2015 at 11:05:27PM +1300, Andrew Bartlett wrote:
>> > The major Samba security release in December still hasn't hit
>> > Debian. 
>> > 
>> > The remote memory read issue in LDB (via the AD DC LDAP server) is
>> > quite serious. 
>> > 
>> > What are we blocked on?
>> > 
>> > o  CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
>> > o  CVE-2015-3223 (Denial of service in Samba Active Directory
>> >                   server)
>> > o  CVE-2015-5252 (Insufficient symlink verification in smbd)
>> > o  CVE-2015-5299 (Missing access control check in shadow copy
>> >                   code)
>> > o  CVE-2015-5296 (Samba client requesting encryption vulnerable
>> >                   to downgrade attack)
>> > o  CVE-2015-8467 (Denial of service attack against Windows
>> >                   Active Directory server)
>> > o  CVE-2015-5330 (Remote memory read in Samba LDAP server)
>> 
>> ldb and samba packages have been uploaded to the jessie-security
>> queue. I think they're still building. Salvatore from the security
>> team is uploading packages to wheezy.
>
>Thanks to both of you for doing the updates.  Hopefully this also helps
>Ubuntu (who should have been able to do this themselves) get their
>security release out.
>
>Thanks,
>
>Andrew Bartlett
>
>-- 
>Andrew Bartlett                       http://samba.org/~abartlet/
>Authentication Developer, Samba Team  http://samba.org
>Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba