
Re: [SECURITY] [DSA 1409-2] New samba packages fix several vulnerabilities



In message <20071126145341.GA3961@steve.org.uk>, Steve Kemp writes:
>Package        : samba
>Vulnerability  : several
>Problem type   : remote
>Debian-specific: no
>CVE Id(s)      : CVE-2007-4572, CVE-2007-5398
>[...]
>For the stable distribution (etch), these problems have been fixed in
>version 3.0.24-6etch7.

There doesn't appear to be an i386 package for Samba version
3.0.24-6etch7 on any of the security.debian.org servers.  Only a
3.0.24-6etch6 package.  AMD64 and most other architectures seem to have
3.0.24-6etch7 and not 3.0.24-6etch6 packages.

According to the change log this means that one regression is missing
in the i386 packages (6etch6):

-=- cut here -=-
samba (3.0.24-6etch7) stable-security; urgency=low

  * Fix for one final regression related to the fix for CVE-2007-4572,
    pulled from upstream.  Thanks to Santiago Garcia Mantinan
    <manty@debian.org> for catching this.

 -- Steve Langasek <vorlon@debian.org>  Sat, 24 Nov 2007 02:17:06 -0800
-=- cut here -=-

For example:

-=- cut here -=-
ftp> cd debian-security/pool/updates/main/s/samba/
250 Directory successfully changed.
ftp> ls samba-common*etch*i386*
227 Entering Passive Mode (128,31,0,36,95,228)
150 Here comes the directory listing.
-rw-rw-r--    1 1176     1176      2381022 May 30 10:30 samba-common_3.0.24-6etch4_i386.deb
-rw-rw-r--    1 1176     1176      2381196 Nov 15 22:35 samba-common_3.0.24-6etch5_i386.deb
-rw-rw-r--    1 1176     1176      2381264 Nov 23 13:25 samba-common_3.0.24-6etch6_i386.deb
226 Directory send OK.
ftp> ls samba-common*etch*amd64*
227 Entering Passive Mode (128,31,0,36,172,122)
150 Here comes the directory listing.
-rw-rw-r--    1 1176     1176      2596688 Jun 01 07:00 samba-common_3.0.24-6etch4_amd64.deb
-rw-rw-r--    1 1176     1176      2595582 Nov 22 20:45 samba-common_3.0.24-6etch5_amd64.deb
-rw-rw-r--    1 1176     1176      2597004 Nov 24 11:05 samba-common_3.0.24-6etch7_amd64.deb
226 Directory send OK.
ftp> 
-=- cut here -=-

(But the same thing seems to be true for the entire samba suite.)

Will new i386 packages be built?  Or does that regression not affect i386?

Ewen