[Pkg-samba-maint] HEADS UP: CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
corsac at debian.org
Fri Jul 14 08:00:55 UTC 2017
On Fri, 2017-07-14 at 08:10 +1200, Andrew Bartlett wrote:
> > Hi, thanks for your work on this. The debdiff looks simple and sane enough,
> > unfortunately I don't think we have a Samba-AD test instance to check it does
> > work indeed.
> > Besides the upstream build test was there some confirmation it did work?
> Yes, I built a reproducer for the core issue and checked it against
> upstream. I'll release that in a few days as part of our regression
Ok, thank you. Can you upload the packages to security-master? The stretch one
needs to be built with -sa to include the orig tarball since it's the first
security upload there.
I'll review the packages there and release the DSA when possible.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: This is a digitally signed message part
More information about the Pkg-samba-maint