That new version was uploaded to fix a security issue that was
unveiled yesterday and fixed in upstream's 3.2.7.
The applied patch, for the security issue, is attached to this mail.
I also fixed two other issues (one spurious file noticed by Dato in
last upload and a documentation-related fix).
Changelog:

samba (2:3.2.5-3) unstable; urgency=high

  * Security update
  * Fix Potential access to "/" in setups with registry shares enabled
    This fixes CVE-2009-0022, backported from 3.2.7
  * Fix links in HTML documentation index file.
    Closes: #508388
  * Drop spurious docs-xml/smbdotconf/parameters.global.xml.new
    file in the diff. Thanks to the release managers for spotting it

 -- Christian Perrier <bubulle@debian.org>  Sun, 21 Dec 2008 08:09:31 +0100

Goal: Fix Potential access to "/" in setups with registry shares enabled
Fixes: CVE-2009-0022
Status wrt upstream: Fixed in 3.2.7
Author: Michael Adam <obnox@samba.org>
Note:
Index: samba-3.2.5/source/smbd/service.c
===================================================================
--- samba-3.2.5.orig/source/smbd/service.c
+++ samba-3.2.5/source/smbd/service.c
@@ -235,6 +235,10 @@
return -1;
}
+ if ((servicename == NULL) || (*servicename == '\0')) {
+ return -1;
+ }
+
if (strequal(servicename, GLOBAL_NAME)) {
return -2;
}
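Review bot: The added NULL/empty-string guard on servicename carries no comment saying why an empty name must be rejected at this point, and the patch header's "Note:" field is left blank, so the only link between this check and the "/" access issue is the Goal line. A one-line comment above the `if` stating that an empty service name must never reach the lookups below (and naming CVE-2009-0022) would keep a later cleanup from removing it as redundant. The guard also returns -1, the same value as the failure path just above it, so a caller cannot tell a rejected empty name from that earlier error; if that distinction matters for logging or diagnosis, a debug message at this return would help. Placement before `strequal(servicename, GLOBAL_NAME)` is right, since it also keeps a NULL pointer out of that comparison.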