[Pkg-samba-maint] samba_4.18.5+dfsg-1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Jul 19 16:38:15 BST 2023 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Jul 2023 17:55:58 +0300
Source: samba
Architecture: source
Version: 2:4.18.5+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt at tls.msk.ru>
Closes: 1041043
Changes:
 samba (2:4.18.5+dfsg-1) unstable; urgency=medium
 .
   * new upstream stable/security release 4.18.5, including:
    o CVE-2022-2127:  When winbind is used for NTLM authentication,
      a maliciously crafted request can trigger an out-of-bounds read
      in winbind and possibly crash it.
      https://www.samba.org/samba/security/CVE-2022-2127.html
    o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin
      configured "server signing = required" or for SMB2 connections to
      Domain Controllers where SMB2 packet signing is mandatory.
      https://www.samba.org/samba/security/CVE-2023-3347.html
    o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service
      for Spotlight can be triggered by an unauthenticated attacker by
      issuing a malformed RPC request.
      https://www.samba.org/samba/security/CVE-2023-34966.html
    o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service
      for Spotlight can be used by an unauthenticated attacker to trigger
      a process crash in a shared RPC mdssvc worker process.
      https://www.samba.org/samba/security/CVE-2023-34967.html
    o CVE-2023-34968: As part of the Spotlight protocol Samba discloses
      the server-side absolute path of shares and files and directories
      in search results.
      https://www.samba.org/samba/security/CVE-2023-34968.html
    o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
      https://bugzilla.samba.org/show_bug.cgi?id=15418
      (this has been patched in the previous upload; Closes: #1041043)
Checksums-Sha1:
 ee66ccf12bc249ca6a868b9e505deefadf4f476f 4415 samba_4.18.5+dfsg-1.dsc
 ef2fa1002634cd313be83dec98d0e9e9fc378261 24393552 samba_4.18.5+dfsg.orig.tar.xz
 e23e9b440573a5b7fdcc2714de240dc0f781ed88 272716 samba_4.18.5+dfsg-1.debian.tar.xz
 3f3aa2d0d096154947d90eeb2eb711e6e47b61a5 6348 samba_4.18.5+dfsg-1_source.buildinfo
Checksums-Sha256:
 43c0755ab310e398908785347c059699bd1e826a2cb03a2cc29850f8e7f643b9 4415 samba_4.18.5+dfsg-1.dsc
 c235c0ed7e8580c7e6fcf503acbd55122ad8e262ef2deacc34870c830fcb646a 24393552 samba_4.18.5+dfsg.orig.tar.xz
 46c7ff524037394f44daae5671b44ec704ab01fe3c83cd7a67a098b7909b9fd9 272716 samba_4.18.5+dfsg-1.debian.tar.xz
 b7da409f85a79248d5c23faefa0679255b02fadefa2dd9dffd3b3e7706388fb8 6348 samba_4.18.5+dfsg-1_source.buildinfo
Files:
 5ef5065031d75bfeffb9bfa29cd5af14 4415 net optional samba_4.18.5+dfsg-1.dsc
 4f0022d44fcf54e90c90b7528be76d88 24393552 net optional samba_4.18.5+dfsg.orig.tar.xz
 ec742285f3bef278651dc748bb01c7c2 272716 net optional samba_4.18.5+dfsg-1.debian.tar.xz
 f4d22994bfeba24da43fb10488ca410d 6348 net optional samba_4.18.5+dfsg-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmS3+ckPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZOWMIAK5RaoKPiqiGPpsZCouPddPXl8j1ZAt2R7k7
8du+XjUi4qr+emqRL6+kQAmggrwh6vPBgkRz8lJd78GXts4pigLdXT1FvarXFhF8
S9DNo0JhoxX3tzp/j/gNtNqI2760sJqA13DFkK1JInxOfDtnWOk8wrQ6tzEc4wPD
yJ79voZCDfiLfNl/a0h1dW3ecLsRiQIT3Bdrsdi8e3KBDsCrGqmjcLXSsdB+DDSO
Y9bBqZBAUMrb4izIcjmCTeAeQplBXpCiJqdyKsxBTComw8pMajOZ7IhBwvcxdk9R
7SVyf0U/7QDbLkOF18CTM86awAdxhWbe5tBC2mscIJdaaVEHi/c=
=iBYc
-----END PGP SIGNATURE-----

More information about the Pkg-samba-maint mailing list