Bug#1121733: bookworm-pu: package samba/2:4.17.12+dfsg-0+deb12u3

To: Michael Tokarev <mjt@tls.msk.ru>, 1121733@bugs.debian.org
Subject: Bug#1121733: bookworm-pu: package samba/2:4.17.12+dfsg-0+deb12u3
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 06 Dec 2025 15:54:32 +0000
Message-id: <[🔎] 20cdda4cb27c4fb8e3306abfaefa3780f9f8d851.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1121733@bugs.debian.org
In-reply-to: <[🔎] 176459534803.2053841.2753313546480322780.reportbug@localhost>
References: <[🔎] 176459534803.2053841.2753313546480322780.reportbug@localhost> <[🔎] 176459534803.2053841.2753313546480322780.reportbug@localhost>

Control: tags -1 + confirmed

On Mon, 2025-12-01 at 16:22 +0300, Michael Tokarev wrote:
> [ Reason ]
> There are 3 known security hole exists in bookworm version
> of samba.  These holes has been fixed in more recent versions
> of the package, including trixie version, and the fixes has
> been back-ported to earlier releases by the LTS samba community
> (https://gitlab.com/samba-team/lts-community and the git tree
> in there).
> 
> The vulnerabilities are:
> 
>  CVE-2018-14628: Unprivileged read of deleted object tombstones
>     in AD LDAP server (#1034803)
>  CVE-2025-10230: Command injection via WINS server hook script
>  CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#1121733: bookworm-pu: package samba/2:4.17.12+dfsg-0+deb12u3
  - From: Michael Tokarev <mjt@tls.msk.ru>

Prev by Date: Processed: Re: Bug#1121733: bookworm-pu: package samba/2:4.17.12+dfsg-0+deb12u3
Next by Date: Bug#1121737: bookworm-pu: package unbound/1.17.1-2+deb12u4
Previous by thread: Processed: Re: Bug#1121733: bookworm-pu: package samba/2:4.17.12+dfsg-0+deb12u3
Next by thread: Bug#1121733: samba 4.17.12+dfsg-0+deb12u3 flagged for acceptance
Index(es):
- Date
- Thread