Thanks for picking this up.
	Performing some basic testing of an updated pkgsrc entry now.

-- 
		David/absolute		-- www.netbsd.org: No hype required --


On Wed, 9 May 2001, Patrick Welche wrote:

> I have no idea whether or not this is the right list, but it seems that in
> pkgsrc, there is:
>
> The following security vulnerabilities are known for net/samba at May 1
> 10:20 :
>
>       samba<2.0.8 has a local-symlink-race exploit (see
>       http://www.securityfocus.com/templates/archive.pike?list=1&mid=177370 for
>       more details)
>
> and at www.samba.org:
>
> o (9th May 2001) Samba 2.0.9 released - SECURITY FIX
>
>   The recent Samba 2.0.8 release did not fix the local /tmp security
>   hole. The 2.0.9 release corrects that. Note that the 2.2.0 release
>   did fix the hole and you should only install 2.0.9 if you don't
>   want to use the 2.2.x release just yet. The 2.0.9 release is
>   available here and the patch is available here.
>
>
> Cheers,
>
> Patrick
>