[Pkg-samba-maint] What is blocking the security releases of Samba?
jelmer at jelmer.uk
Sat Jan 2 16:03:12 UTC 2016
These updates won't help Ubuntu I think. They have their own procedures.
I'm not sure what the status on the Ubuntu side is. You would probably want to check with the Ubuntu security team.
On 31 December 2015 8:33:55 PM GMT+01:00, Andrew Bartlett <abartlet at samba.org> wrote:
>On Thu, 2015-12-31 at 14:24 +0000, Jelmer Vernooij wrote:
>> On Thu, Dec 31, 2015 at 11:05:27PM +1300, Andrew Bartlett wrote:
>> > The major Samba security release in December still hasn't hit
>> > Debian.
>> > The remote memory read issue in LDB (via the AD DC LDAP server) is
>> > quite serious.
>> > What are we blocked on?
>> > o CVE-2015-7540 (Remote DoS in Samba (AD) LDAP server)
>> > o CVE-2015-3223 (Denial of service in Samba Active Directory
>> > server)
>> > o CVE-2015-5252 (Insufficient symlink verification in smbd)
>> > o CVE-2015-5299 (Missing access control check in shadow copy
>> > code)
>> > o CVE-2015-5296 (Samba client requesting encryption vulnerable
>> > to downgrade attack)
>> > o CVE-2015-8467 (Denial of service attack against Windows
>> > Active Directory server)
>> > o CVE-2015-5330 (Remote memory read in Samba LDAP server)
>> ldb and samba packages have been uploaded to the jessie-security
>> queue. I think
>> they're still building. Salvatore from the security team is uploading
>> packages to wheezy.
>Thanks to both of you for doing the updates. Hopefully this also helps
>Ubuntu (who should have been able to do this themselves) get their
>security release out.
>Andrew Bartlett http://samba.org/~abartlet/
>Authentication Developer, Samba Team http://samba.org
>Samba Developer, Catalyst IT
>Pkg-samba-maint mailing list
>Pkg-samba-maint at lists.alioth.debian.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pkg-samba-maint