CVS commit: [pkgsrc-2013Q2] pkgsrc/net/samba35

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2013Q2] pkgsrc/net/samba35
From: "Matthias Scheler" <tron%netbsd.org@localhost>
Date: Mon, 12 Aug 2013 14:21:30 +0000

Module Name:    pkgsrc
Committed By:   tron
Date:           Mon Aug 12 14:21:30 UTC 2013

Modified Files:
        pkgsrc/net/samba35 [pkgsrc-2013Q2]: Makefile distinfo
        pkgsrc/net/samba35/patches [pkgsrc-2013Q2]: patch-af patch-ah patch-ap
            patch-aq patch-av patch-aw patch-ba patch-bb

Log Message:
Pullup ticket #4208 - requested by taca
net/samba35: security update

Revisions pulled up:
- net/samba35/Makefile                                          1.31
- net/samba35/distinfo                                          1.16
- net/samba35/patches/patch-af                                  1.6
- net/samba35/patches/patch-ah                                  1.3
- net/samba35/patches/patch-ap                                  1.2
- net/samba35/patches/patch-aq                                  1.4
- net/samba35/patches/patch-av                                  1.3
- net/samba35/patches/patch-aw                                  1.2
- net/samba35/patches/patch-ba                                  1.2
- net/samba35/patches/patch-bb                                  1.2

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Mon Aug 12 02:47:32 UTC 2013

   Modified Files:
        pkgsrc/net/samba35: Makefile distinfo
        pkgsrc/net/samba35/patches: patch-af patch-ah patch-ap patch-aq
            patch-av patch-aw patch-ba patch-bb

   Log Message:
   Update samba35 to 3.5.22, security release.

                      ==============================
                      Release Notes for Samba 3.5.22
                          August 05, 2013
                      ==============================

   This is a security release in order to address
   CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
   server to loop with DOS).

   o  CVE-2013-4124:
      All current released versions of Samba are vulnerable to a denial of
      service on an authenticated or guest connection. A malformed packet
      can cause the smbd server to loop the CPU performing memory
      allocations and preventing any further service.

      A connection to a file share, or a local account is needed to exploit
      this problem, either authenticated or unauthenticated if guest
      connections are allowed.

      This flaw is not exploitable beyond causing the code to loop
      allocating memory, which may cause the machine to exceed memory
      limits.

   Changes since 3.5.21:
   ---------------------

   o   Jeremy Allison <jra%samba.org@localhost>
       * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list
         reading can cause server to loop with DOS.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.29.2.1 pkgsrc/net/samba35/Makefile
cvs rdiff -u -r1.15 -r1.15.4.1 pkgsrc/net/samba35/distinfo
cvs rdiff -u -r1.5 -r1.5.6.1 pkgsrc/net/samba35/patches/patch-af
cvs rdiff -u -r1.2 -r1.2.18.1 pkgsrc/net/samba35/patches/patch-ah \
    pkgsrc/net/samba35/patches/patch-av
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.22.1 pkgsrc/net/samba35/patches/patch-ap \
    pkgsrc/net/samba35/patches/patch-aw
cvs rdiff -u -r1.3 -r1.3.18.1 pkgsrc/net/samba35/patches/patch-aq
cvs rdiff -u -r1.1 -r1.1.14.1 pkgsrc/net/samba35/patches/patch-ba \
    pkgsrc/net/samba35/patches/patch-bb

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: [pkgsrc-2013Q2] pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: [pkgsrc-2013Q2] pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index