Re: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download
- To: Moritz Muehlenhoff <jmm@inutil.org>
- Cc: Roberto C. Sánchez <roberto@connexer.com>, Mathieu Parent <math.parent@gmail.com>, Ola Lundqvist <ola@inguza.com>, "debian-lts@lists.debian.org" <debian-lts@lists.debian.org>, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>, Salvatore Bonaccorso <carnil@debian.org>
- Subject: Re: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download
- From: Guido Günther <agx@sigxcpu.org>
- Date: Fri, 24 Mar 2017 16:53:05 +0100
- Message-id: <[🔎] 20170324155305.3rn2axisusungzub@bogon.m.sigxcpu.org>
- Mail-followup-to: Guido Günther <agx@sigxcpu.org>, Moritz Muehlenhoff <jmm@inutil.org>, Roberto C. Sánchez <roberto@connexer.com>, Mathieu Parent <math.parent@gmail.com>, Ola Lundqvist <ola@inguza.com>, "debian-lts@lists.debian.org" <debian-lts@lists.debian.org>, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>, Salvatore Bonaccorso <carnil@debian.org>
- In-reply-to: <[🔎] 20170324150408.GB22109@inutil.org>
- References: <20170323091117.GA19027@carrie> <[🔎] CAFX5sbxm+woshfjR9dwmCKPexVssnrFwGGTYNBN=kSDeVtzfBg@mail.gmail.com> <[🔎] CABY6=0kkoBodeGs0aVEp7nOHG1+vSybABnGEmjawNhyZMAuTcQ@mail.gmail.com> <[🔎] CAFX5sbzUGHth2ixU45Th7FmehTYFhQgm5NU+pmSM3AVvSfJX0w@mail.gmail.com> <[🔎] 20170324144544.GA28307@connexer.com> <[🔎] 20170324145523.7sgssipxjyrugrbd@bogon.m.sigxcpu.org> <[🔎] 20170324150408.GB22109@inutil.org>
On Fri, Mar 24, 2017 at 04:04:08PM +0100, Moritz Muehlenhoff wrote:
> On Fri, Mar 24, 2017 at 03:55:23PM +0100, Guido Günther wrote:
> > Hi Roberto,
> > On Fri, Mar 24, 2017 at 10:45:44AM -0400, Roberto C. Sánchez wrote:
> > > On Fri, Mar 24, 2017 at 03:16:28PM +0100, Mathieu Parent wrote:
> > > > Please wait a bit before uploading.
> > > >
> > > > There is a regression in jessie when "follow symlinks = no" #858564,
> > > > and a segfault with vfs_shadow2 (#858590).
> > > >
> > > >
> > > I am working on the wheezy LTS update for samba now.
> > >
> > > There are 37 individual patches in jessie's CVE-2017-2619.patch, and not
> > > all apply cleanly to 3.6.6 in wheezy. That said, I will wait on
> > > uploading until those bugs are resolved and I have incorportated their
> > > fixes.
> >
> > Note that Jessie has samba4 while wheezy has samba3 (samba package) and
> > samba4 (samba4 package).
>
> samba4 in wheezy doesn't provide the Samba daemons, so is irrelevant here:
> https://packages.qa.debian.org/s/samba4/news/20140416T220212Z.html
Just wanted to point out that there's a different set of patches for
samba3. But thanks for spelling this out, I probably should not have
mentioned samba4 in wheezy above to avoid confusion.
Cheers,
-- Guido
Reply to: