[Pkg-samba-maint] samba_4.17.10+dfsg-0+deb12u1~bpo11+1_source.changes ACCEPTED into bullseye-backports

[Debian FTP Masters]

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Jul 2023 23:42:41 +0300
Source: samba
Architecture: source
Version: 2:4.17.10+dfsg-0+deb12u1~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt at tls.msk.ru>
Closes: 1041043
Changes:
 samba (2:4.17.10+dfsg-0+deb12u1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports.
 .
 samba (2:4.17.10+dfsg-0+deb12u1) bookworm-security; urgency=medium
 .
   * new upstream stable/security release 4.17.10, including:
    o CVE-2022-2127:  When winbind is used for NTLM authentication,
      a maliciously crafted request can trigger an out-of-bounds read
      in winbind and possibly crash it.
      https://www.samba.org/samba/security/CVE-2022-2127.html
    o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin
      configured "server signing = required" or for SMB2 connections to
      Domain Controllers where SMB2 packet signing is mandatory.
      https://www.samba.org/samba/security/CVE-2023-3347.html
    o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service
      for Spotlight can be triggered by an unauthenticated attacker by
      issuing a malformed RPC request.
      https://www.samba.org/samba/security/CVE-2023-34966.html
    o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service
      for Spotlight can be used by an unauthenticated attacker to trigger
      a process crash in a shared RPC mdssvc worker process.
      https://www.samba.org/samba/security/CVE-2023-34967.html
    o CVE-2023-34968: As part of the Spotlight protocol Samba discloses
      the server-side absolute path of shares and files and directories
      in search results.
      https://www.samba.org/samba/security/CVE-2023-34968.html
    o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
      https://bugzilla.samba.org/show_bug.cgi?id=15418
      (this has been patched in the previous upload; Closes: #1041043)
Checksums-Sha1:
 14c3f9a296f24f3875de204d96364447a1d4b842 4486 samba_4.17.10+dfsg-0+deb12u1~bpo11+1.dsc
 6f7fc214069b0b7902c09dffa4b37459c2e755da 271680 samba_4.17.10+dfsg-0+deb12u1~bpo11+1.debian.tar.xz
 b605ab87790eb6a7310ffb83eedb5b3e9aa7fe33 6482 samba_4.17.10+dfsg-0+deb12u1~bpo11+1_source.buildinfo
Checksums-Sha256:
 29605af78415d0ed0352c115e8ce7c03662a2fb610381b01392d1ff92802dc7e 4486 samba_4.17.10+dfsg-0+deb12u1~bpo11+1.dsc
 154bf939b6abcb8f8d7fd3e6768e59e5e85a0a96cfd1045783fdfc68022e38ae 271680 samba_4.17.10+dfsg-0+deb12u1~bpo11+1.debian.tar.xz
 d0348b58ea542d0c01296a04f69f136444143536450b59e012c2d99daead511e 6482 samba_4.17.10+dfsg-0+deb12u1~bpo11+1_source.buildinfo
Files:
 2dde2ee27a943f89b08779c0f90768a5 4486 net optional samba_4.17.10+dfsg-0+deb12u1~bpo11+1.dsc
 ed7387d6fc66881ed9ba753ce8c0eeb3 271680 net optional samba_4.17.10+dfsg-0+deb12u1~bpo11+1.debian.tar.xz
 09804d2be4a107494416821390686b3c 6482 net optional samba_4.17.10+dfsg-0+deb12u1~bpo11+1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmTbUJcPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZPOIH+gO7UlzT8OiVgW+3BCwUMcn9cAyz/3mKdXxo
3IhMNaDacjZZLNjcX67HKPNcwD9SzvkYK04HRjNZbjNUcX8cxIc+IDwZewPE8Yb+
SkUl7ZZBQpnfeiLND9Sgl2LPxCJOvK43oG8AmpDKnbLEawtTwz7S/OG3Bmpu7rIM
j3AZddO4Aa3a5mbcva9VENSHC4Ic40oOjgf0dE5ITalp5aHmAl/QyK+to4DQYZw3
CQId5MmcV3Vm7DpBcYHrF44XHktdHYkHvkeb+WE0xvwHyMfppG26RVvtaQU2MVWS
jppUTurKFa49ObhQ3w9V6PINduNNEtZ4NojbLOo2PSYAHxpADYI=
=qX5d
-----END PGP SIGNATURE-----