Re: Samba 3.3.6 upload?

To: backports-users@lists.backports.org
Subject: Re: Samba 3.3.6 upload?
From: Gerfried Fuchs <rhonda@deb.at>
Date: Thu, 2 Jul 2009 12:38:34 +0200
Message-id: <[🔎] 20090702103834.GA9397@anguilla.debian.or.at>
Mail-followup-to: backports-users@lists.backports.org
In-reply-to: <[🔎] 20090701184424.GR8455@mykerinos.kheops.frmug.org>
References: <[🔎] 20090701184424.GR8455@mykerinos.kheops.frmug.org>

* Christian Perrier <bubulle@debian.org> [2009-07-01 20:44:24 CEST]:
> Samba 3.3 series is affected by CVE 2009-1888:
>      In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a
>      data value can potentially affect access control when "dos filemode"
>      is set to "yes".
> 
> So, the 3.3.4 versiont hat's in backports.org is affected too.
> 
> I have a ready upload of the backport of 3.3.6 packages which I
> uploaded in unstable.
> 
> From what I understand of bpo policy wrt security updates, it would be
> OK for me to upload it. Is that correct?

 Yes, please do so. And please don't forget to also send the mail to
backports-security-announce, see the archive on
<http://lists.backports.org/> for the template text.

 So long, and thanks for your security-related responsibility!
Rhonda

Reply to:

References:
- Samba 3.3.6 upload?
  - From: Christian Perrier <bubulle@debian.org>

Prev by Date: Samba 3.3.6 upload?
Next by Date: Re: PostgreSQL 8.4 into lenny-backports
Previous by thread: Samba 3.3.6 upload?
Next by thread: Status of openoffice.org packages in lenny-backports?
Index(es):
- Date
- Thread