CVE-2012-6150 and samba4

To: debian-security-tracker@lists.debian.org
Cc: pkg-samba-maint@lists.alioth.debian.org
Subject: CVE-2012-6150 and samba4
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 25 Jan 2014 12:04:37 +1300
Message-id: <[🔎] 1390604677.1160.73.camel@jesse>

I've checked, and this issue does not apply to samba4, because the
'samba4' winbind does not implement this feature at all.  That is, the
problem directive is ignored in all cases.  (This is still fail-open,
but in this case consistently open).  

https://security-tracker.debian.org/tracker/CVE-2012-6150

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

Reply to:

Follow-Ups:
- Re: CVE-2012-6150 and samba4
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: External check
Next by Date: Re: CVE-2012-6150 and samba4
Previous by thread: Bug#735939: marked as done (security-tracker: DSA-2846-1 vs. tracker)
Next by thread: Re: CVE-2012-6150 and samba4
Index(es):
- Date
- Thread