That new version was uploaded to fix a security issue that was unveiled yesterday and fixed in upstream's 3.2.7. The applied patch, for the security issue, is attached to this mail.

I also fixed two other issues (one spurious file noticed by Dato in last upload and a documentation-related fix).

Changelog:

samba (2:3.2.5-3) unstable; urgency=high

  * Security update
  * Fix Potential access to "/" in setups with registry shares enabled
    This fixes CVE-2009-0022, backported from 3.2.7
  * Fix links in HTML documentation index file.
    Closes: #508388
  * Drop spurious docs-xml/smbdotconf/parameters.global.xml.new
    file in the diff. Thanks to the release managers for spotting it

 -- Christian Perrier <bubulle@debian.org>  Sun, 21 Dec 2008 08:09:31 +0100
Goal: Fix Potential access to "/" in setups with registry shares enabled Fixes: CVE-2009-0022 Status wrt upstream: Fixed in 3.2.7 Author: Michael Adam <obnox@samba.org> Note: Index: samba-3.2.5/source/smbd/service.c =================================================================== --- samba-3.2.5.orig/source/smbd/service.c +++ samba-3.2.5/source/smbd/service.c @@ -235,6 +235,10 @@ return -1; } + if ((servicename == NULL) || (*servicename == '\0')) { + return -1; + } + if (strequal(servicename, GLOBAL_NAME)) { return -2; }
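Review bot: the added guard in source/smbd/service.c (`servicename == NULL` or `*servicename == '\0'`) returns -1 with no comment and no log message, and -1 is the same value the failure path just above it returns, so neither a reader of the code nor a caller can tell that an empty share name was rejected on purpose. A short comment above the check saying that an empty name must never resolve to a service (the registry-shares case named in the patch header, CVE-2009-0022) would keep a later cleanup from removing it as redundant, and a debug-level log line before the return would make rejected requests visible when troubleshooting. The placement ahead of `strequal(servicename, GLOBAL_NAME)` is right, since that comparison no longer receives a NULL pointer. The hunk starts at line 235, so it does not show whether `servicename` is dereferenced earlier in the function; that is worth confirming before relying on the NULL half of the check.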