Dear release managers, The Samba Team just released Samba 3.2.5 today, which is a security-only fix, wrt 3.2.4, which is in lenny. I just uploaded a 2:3.2.5-1 package for it, with urgency=high. The security team is aware of the issue (which does not affect etch). Could you consider unblocking that version and allow it to enter testing? Changelog (typos included): Changes: samba (2:3.2.5-1) unstable; urgency=high . * New upstream version. Security-only release. This addresses CVE-2008-4314: potentially leaking arbitrary memory contents to malicious clients. * Better document cases where using a "master" file for smb.conf is a bad idea. Closes: #483187 * Insert example "add machine script" and "add group script" scripts in the default smb.conf. Closes: #349049 * Move homepage URL to Homepage filed in debian/control The last 3 changes are either documentation (comments and examples) as well as a trivial change in debian/control
Attachment:
signature.asc
Description: Digital signature