Re: [SECURITY] [DSA-200-1] Samba buffer overflow
Matt Zimmerman <mdz@debian.org> writes:
> On Mon, Nov 25, 2002 at 08:24:45PM +0900, Olaf Meeuwissen wrote:
>
> > Hmm, from the version numbers (2.2.3a-6 to 2.2.3a-12) and changelog
> > entries since the version in stable it looks as if this upgrade does a
> > little more than just fix the security problem. Whatever happened to
> > just backporting the security fix?
>
> The samba maintainers had already prepared an update for stable
> which contained backported fixes for important bugs. These fixes
> were appropriate for the next point release, so rather than build a
> security update based on 2.2.3a-6 and then a new stable upload based
> on 2.2.3a-9, the security update was based on 2.2.3a-9 with its
> fixes. You did not get any changes which were not already destined
> for stable.
It'd be nice if the DSA could say so much.
BTW, thanks for all the good work getting security.debian.org back up
so fast.
--
Olaf Meeuwissen EPSON KOWA Corporation, ECS
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
Penguin's lib! -- I hack, therefore I am -- LPIC-2
Reply to: