[Pkg-samba-maint] HEADS UP: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
Andrew Bartlett
abartlet at samba.org
Fri Jul 14 09:53:12 UTC 2017
On Fri, 2017-07-14 at 10:00 +0200, Yves-Alexis Perez wrote:
> On Fri, 2017-07-14 at 08:10 +1200, Andrew Bartlett wrote:
> > > Hi, thanks for your work on this. The debdiff looks simple and sane enough,
> > > unfortunately I don't think we have a Samba-AD test instance to check it does
> > > work indeed.
> > >
> > > Besides the upstream build test was there some confirmation it did work?
> >
> > Yes, I built a reproducer for the core issue and checked it against
> > upstream. I'll release that in a few days as part of our regression
> > suite.
>
> Ok, thank you. Can you upload the packages to security-master? The stretch one
> needs to be built with -sa to include the orig tarball since it's the first
> security upload there.
>
> I'll review the packages there and release the DSA when possible.

I think Mathieu tried to do that yesterday:
https://lists.alioth.debian.org/pipermail/pkg-samba-maint/2017-July/020143.html

I tried to rebuild as requested, but my gbp foo isn't good enough to
get the flags in the right spot, sorry.

I tried:

    gbp buildpackage --git-pbuilder --git-dist=stretch --git-builder='debuild -i -I -sa'

But it still didn't include the original source. In any case it is all
lined up in git:
https://anonscm.debian.org/git/pkg-samba/samba.git stretch

This is the end of my day here in NZ, but I hope you and Mathieu can
sort the rest out.

Sorry,

Andrew Bartlett
(still a bit green on Debian maintenance, but helps out when things get
tight to ensure Debian isn't caught on the hop by security issues).
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba