Re: [SECURITY] [DSA-200-1] Samba buffer overflow

[Olaf Meeuwissen <olaf@epkowa.co.jp>]

Matt Zimmerman <mdz@debian.org> writes:

> On Mon, Nov 25, 2002 at 08:24:45PM +0900, Olaf Meeuwissen wrote:
> 
> > Hmm, from the version numbers (2.2.3a-6 to 2.2.3a-12) and changelog 
> > entries since the version in stable it looks as if this upgrade does a 
> > little more than just fix the security problem.  Whatever happened to 
> > just backporting the security fix?
> 
> The samba maintainers had already prepared an update for stable
> which contained backported fixes for important bugs.  These fixes
> were appropriate for the next point release, so rather than build a
> security update based on 2.2.3a-6 and then a new stable upload based
> on 2.2.3a-9, the security update was based on 2.2.3a-9 with its
> fixes.  You did not get any changes which were not already destined
> for stable.

It'd be nice if the DSA could say so much.

BTW, thanks for all the good work getting security.debian.org back up
so fast.
-- 
Olaf Meeuwissen                            EPSON KOWA Corporation, ECS
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
Penguin's lib!       -- I hack, therefore I am --               LPIC-2