[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: [Announce] Samba 4.6.1, 4.5.7 and 4.4.12 Security Releases Available for Download

On Fri, Mar 31, 2017 at 02:46:23PM +0200, Salvatore Bonaccorso wrote:
> Hi Roberto,
> Just in case this was not known: it might be possible to cross-check
> your work with what Ubuntu does. Rember, they have in 12.04 samba as
> well from 3.6. branch. Though updated to 3.6.25 + patches, but that
> still might help you.
> It's a good source to cross-check as well for future samba updates.
> Regards and hope this helps,
> Salvatore


Thanks very much for the pointer.  I was able to get the Ubuntu patch
for the CVE fix (which was virtually identical to the one Mathieu sent
out and also the patch for the regression fix.  I compared those two to
the patch I created with cherry-picked prerequisite commits and the
tweaked CVE patch and confirmed that resulting changes were identical
(or nearly so, accounting for version differences between 3.6.6 and
3.6.25).  I also confirmed that backport I did of the regression patch
(I started with the patch for Samba 4.2 posted to bugzilla) resulted in
the same set of changes as the Ubuntu patches for the regression fix.

Thanks very much for the pointer.  It was most helpful.  I am much more
confident now that the patches are correct.

Now I am going about confirming that the regressions reported in #858564
and #858590 are addressed by the regression patch.



Roberto C. Sánchez

Reply to: