Re: [SECURITY] [DSA-200-1] Samba buffer overflow

To: Olaf Meeuwissen <olaf@mm.0038.net>
Cc: security@debian.org, debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA-200-1] Samba buffer overflow
From: Matt Zimmerman <mdz@debian.org>
Date: Mon, 25 Nov 2002 11:49:09 -0500
Message-id: <[🔎] 20021125164909.GE31709@mizar.alcor.net>
Mail-followup-to: Olaf Meeuwissen <olaf@mm.0038.net>, security@debian.org, debian-security@lists.debian.org
In-reply-to: <[🔎] E18GHM9-0000Zh-00@qed.penguin.lib.org>
References: <20021122202117.GA6597@wiggy.net> <[🔎] E18GHM9-0000Zh-00@qed.penguin.lib.org>

On Mon, Nov 25, 2002 at 08:24:45PM +0900, Olaf Meeuwissen wrote:

> Hmm, from the version numbers (2.2.3a-6 to 2.2.3a-12) and changelog 
> entries since the version in stable it looks as if this upgrade does a 
> little more than just fix the security problem.  Whatever happened to 
> just backporting the security fix?

The samba maintainers had already prepared an update for stable which
contained backported fixes for important bugs.  These fixes were appropriate
for the next point release, so rather than build a security update based on
2.2.3a-6 and then a new stable upload based on 2.2.3a-9, the security update
was based on 2.2.3a-9 with its fixes.  You did not get any changes which
were not already destined for stable.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA-200-1] Samba buffer overflow
  - From: Olaf Meeuwissen <olaf@epkowa.co.jp>

References:
- Re: [SECURITY] [DSA-200-1] Samba buffer overflow
  - From: Olaf Meeuwissen <olaf@mm.0038.net>

Prev by Date: Error in logcheck - /usr/bin/mlock[2298]: (64) not setgid mail
Next by Date: RE: Execute binaries from an encrypted file system [SOLVED]
Previous by thread: Re: [SECURITY] [DSA-200-1] Samba buffer overflow
Next by thread: Re: [SECURITY] [DSA-200-1] Samba buffer overflow
Index(es):
- Date
- Thread