Re: [SECURITY] [DSA 1409-2] New samba packages fix several vulnerabilities

From: Ewen McNeill <ewen(at)naos.co.nz>
Date: Mon Nov 26 2007 - 18:00:05 EST


In message <20071126145341.GA3961@steve.org.uk>, Steve Kemp writes:
>Package : samba
>Vulnerability : several
>Problem type : remote
>Debian-specific: no
>CVE Id(s) : CVE-2007-4572, CVE-2007-5398
>[...]
>For the stable distribution (etch), these problems have been fixed in
>version 3.0.24-6etch7.

There doesn't appear to be an i386 package for Samba version
3.0.24-6etch7 on any of the security.debian.org servers.  Only a
3.0.24-6etch6 package.  AMD64 and most other architectures seem to have
3.0.24-6etch7 and not 3.0.24-6etch6 packages.

According to the change log this means that one regression is missing in the i386 packages (6etch6):

-=- cut here -=-
samba (3.0.24-6etch7) stable-security; urgency=low

  * Fix for one final regression related to the fix for CVE-2007-4572,
    pulled from upstream.  Thanks to Santiago Garcia Mantinan
    <manty@debian.org> for catching this.

 -- Steve Langasek <vorlon@debian.org>  Sat, 24 Nov 2007 02:17:06 -0800
-=- cut here -=-

For example:

-=- cut here -=-
ftp> cd debian-security/pool/updates/main/s/samba/
250 Directory successfully changed.
ftp> ls samba-common*etch*i386*
227 Entering Passive Mode (128,31,0,36,95,228)
150 Here comes the directory listing.
-rw-rw-r--    1 1176     1176      2381022 May 30 10:30 samba-common_3.0.24-6etch4_i386.deb
-rw-rw-r--    1 1176     1176      2381196 Nov 15 22:35 samba-common_3.0.24-6etch5_i386.deb
-rw-rw-r--    1 1176     1176      2381264 Nov 23 13:25 samba-common_3.0.24-6etch6_i386.deb
226 Directory send OK.
ftp> ls samba-common*etch*amd64*
227 Entering Passive Mode (128,31,0,36,172,122)
150 Here comes the directory listing.
-rw-rw-r--    1 1176     1176      2596688 Jun 01 07:00 samba-common_3.0.24-6etch4_amd64.deb
-rw-rw-r--    1 1176     1176      2595582 Nov 22 20:45 samba-common_3.0.24-6etch5_amd64.deb
-rw-rw-r--    1 1176     1176      2597004 Nov 24 11:05 samba-common_3.0.24-6etch7_amd64.deb
226 Directory send OK.
ftp>
-=- cut here -=-

(But the same thing seems to be true for the entire samba suite.)

Will new i386 packages be built? Or does that regression not affect i386?

Ewen

Received on Mon Nov 26 21:04:45 2007

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:19 EDT
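
The check made by hand in the message above, comparing the newest package per architecture against the advisory's fixed version, can be scripted. This is an added example, not part of the original message: the function names are illustrative, the listing lines are the ones from the quoted FTP session, and the version comparison is a compact reimplementation of dpkg's ordering rules that assumes well-formed version strings.

```python
import re
from itertools import zip_longest

# Listing lines copied from the FTP session quoted in the message above.
LISTING = """\
-rw-rw-r--    1 1176     1176      2381022 May 30 10:30 samba-common_3.0.24-6etch4_i386.deb
-rw-rw-r--    1 1176     1176      2381196 Nov 15 22:35 samba-common_3.0.24-6etch5_i386.deb
-rw-rw-r--    1 1176     1176      2381264 Nov 23 13:25 samba-common_3.0.24-6etch6_i386.deb
-rw-rw-r--    1 1176     1176      2596688 Jun 01 07:00 samba-common_3.0.24-6etch4_amd64.deb
-rw-rw-r--    1 1176     1176      2595582 Nov 22 20:45 samba-common_3.0.24-6etch5_amd64.deb
-rw-rw-r--    1 1176     1176      2597004 Nov 24 11:05 samba-common_3.0.24-6etch7_amd64.deb
"""

def _order(c):  # dpkg order: '~' < end of string (0) < letters < other characters
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):  # compare alternating non-digit and digit runs, as dpkg does
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for x, y in zip_longest(map(_order, na), map(_order, nb), fillvalue=0):
            if x != y:
                return (x > y) - (x < y)
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        x, y = int(da or 0), int(db or 0)
        if x != y:
            return (x > y) - (x < y)
    return 0

def _split(v):  # -> (epoch, upstream version, Debian revision)
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def newest_per_arch(listing, package):
    newest = {}
    for name, ver, arch in re.findall(r"(\S+)_([^_\s]+)_(\w+)\.deb", listing):
        if name == package and (arch not in newest or compare_versions(ver, newest[arch]) > 0):
            newest[arch] = ver
    return newest

def lagging_arches(listing, package, fixed):  # arches whose newest build predates the fix
    newest = newest_per_arch(listing, package)
    return sorted(a for a, v in newest.items() if compare_versions(v, fixed) < 0)
```

Calling `lagging_arches(LISTING, "samba-common", "3.0.24-6etch7")` on the listing above flags i386 as the architecture still behind the advisory's fixed version.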