samba4 package didn't bundle Heimdal

To: debian-security-tracker@lists.debian.org
Subject: samba4 package didn't bundle Heimdal
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 13 Jul 2017 21:17:57 +1200
Message-id: <[🔎] 1499937477.8372.78.camel@samba.org>

https://security-tracker.debian.org/tracker/CVE-2017-11103

Back when samba4 (which has been eviscerated to a client) was a
package, it linked against the system heimdal.

You can see this because it depends on heimdal.

https://packages.debian.org/wheezy/libsamba-credentials0

Additionally, the link the heimdal code has always been dynamic, not
static, it just changed from dynamic to the system libs to dynamic to
the vendored lib embedded in our tree with the Samba 4.2 packages.

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

Reply to:

Follow-Ups:
- Re: samba4 package didn't bundle Heimdal
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: External check
Next by Date: Re: samba4 package didn't bundle Heimdal
Previous by thread: https://security-tracker.debian.org/tracker/CVE-2017-11103
Next by thread: Re: samba4 package didn't bundle Heimdal
Index(es):
- Date
- Thread