[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UNS: Re: [SECURITY] [DSA 1409-2] New samba packages fix several vulnerabilities

On Tue Nov 27, 2007 at 12:00:05 +1300, Ewen McNeill wrote:
> In message <20071126145341.GA3961@steve.org.uk>, Steve Kemp writes:
> >Package        : samba
> >Vulnerability  : several
> >Problem type   : remote
> >Debian-specific: no
> >CVE Id(s)      : CVE-2007-4572, CVE-2007-5398
> >[...]
> >For the stable distribution (etch), these problems have been fixed in
> >version 3.0.24-6etch7.
> 
> There doesn't appear to be a i386 package for Samba version
> 3.0.24-6etch7 on any of the security.debian.org servers.  Only a
> 3.0.24-6etch6 package.  AMD64 and most other architectures seem to have
> 3.0.24-6etch7 and not 3.0.24-6etch6 packages.


> According to the change log this means that one regression is missing
> in the i386 packages (6etch6):

  That is correct.

  I've build a package now, and will be uploading shortly.  In the
 meantime you can find it here:

    http://people.debian.org/~skx/samba/

  I'm not entirely sure whether this fixes all known regressions there
 seem to be mixed reports, but it is the best we have and the most
 current elsewhere.

Steve
--
Reply to: