Your message dated Sun, 13 Feb 2022 22:32:26 +0000
with message-id <[email protected]>
and subject line Bug#1001068: fixed in samba 2:4.13.13+dfsg-1~deb11u3
has caused the Debian Bug report #1001068,
regarding samba: Missing upstream commit 0a546be0 on bullseye, bookworm and sid
(part of CVE-2020-25717)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1001068: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001068
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: samba
Version: 2:4.13.13+dfsg-1~deb11u2
Severity: important
X-Debbugs-Cc: [email protected]
The upstream samba commit 0a546be0 is included in the buster security release
2:4.9.5+dfsg-5+deb10u2 via the patch file bug-14901-v4-9.patch, but is missing
in the bullseye security release 2:4.13.13+dfsg-1~deb11u2.
Pleae apply that patch in bullseye as well, so that the idmap_nss fallback via
SID mapping works.
-- Package-specific info:
* /etc/samba/smb.conf present, but not attached
* /var/lib/samba/dhcp.conf not present
-- System Information:
Debian Release: 11.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-8-amd64 (SMP w/48 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND,
TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages samba depends on:
ii adduser 3.118
ii dpkg 1.20.9
ii init-system-helpers 1.60
ii libbsd0 0.11.3-1
ii libc6 2.31-13+deb11u2
ii libgnutls30 3.7.1-5
ii libldb2 2:2.2.3-2~deb11u1
ii libpam-modules 1.4.0-9+deb11u1
ii libpam-runtime 1.4.0-9+deb11u1
ii libpopt0 1.18-2
ii libpython3.9 3.9.2-1
ii libtalloc2 2.3.1-2+b1
ii libtasn1-6 4.16.0-2
ii libtdb1 1.4.3-1+b1
ii libtevent0 0.10.2-1
ii libwbclient0 2:4.13.13+dfsg-1~deb11u2
ii lsb-base 11.1.0
ii procps 2:3.3.17-5
ii python3 3.9.2-3
ii python3-dnspython 2.0.0-1
ii python3-samba 2:4.13.13+dfsg-1~deb11u2
ii samba-common 2:4.13.13+dfsg-1~deb11u2
ii samba-common-bin 2:4.13.13+dfsg-1~deb11u2
ii samba-libs 2:4.13.13+dfsg-1~deb11u2
ii tdb-tools 1.4.3-1+b1
Versions of packages samba recommends:
ii attr 1:2.4.48-6
ii logrotate 3.18.0-2
ii python3-markdown 3.3.4-1
pn samba-dsdb-modules <none>
pn samba-vfs-modules <none>
Versions of packages samba suggests:
pn bind9 <none>
pn bind9utils <none>
pn ctdb <none>
pn ldb-tools <none>
pn ntp | chrony <none>
pn smbldap-tools <none>
pn ufw <none>
ii winbind 2:4.13.13+dfsg-1~deb11u2
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:4.13.13+dfsg-1~deb11u3
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated samba package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 03 Feb 2022 21:54:02 +0100
Source: samba
Architecture: source
Version: 2:4.13.13+dfsg-1~deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Samba Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1001068 1004693 1004694
Changes:
samba (2:4.13.13+dfsg-1~deb11u3) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add patches for CVE-2022-0336 (Closes: #1004694)
- CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added
SPN.
- CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is
re-added to an object.
* Add patches for CVE-2021-44142 (Closes: #1004693)
- CVE-2021-44142: libadouble: add defines for icon lengths.
- CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list
of private Samba xattrs.
- CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
- CVE-2021-44142: libadouble: add basic cmocka tests.
- CVE-2021-44142: libadouble: harden parsing code.
* Add patches to address "The CVE-2020-25717 username map [script] advice
has undesired side effects for the local nt token" (Closes: #1001068)
- CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to
the configured domain
- CVE-2020-25717: tests/krb5: Add method to automatically obtain server
credentials
- CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make
room for new accounts
- CVE-2020-25717: selftest: turn ad_member_no_nss_wb into
ad_member_idmap_nss
- CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to
SIDs
- CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the
named based lookup fails
Checksums-Sha1:
62595a0c2cd92a646f2ee32ef98a9b7f12737a74 4514 samba_4.13.13+dfsg-1~deb11u3.dsc
9a5f54933e1409a4c403e4a4d7f122071af9700d 467700
samba_4.13.13+dfsg-1~deb11u3.debian.tar.xz
Checksums-Sha256:
0d84245dfa8ac468b5f50910d1942bac515c8d17e08261390f8ce8a422ba9a05 4514
samba_4.13.13+dfsg-1~deb11u3.dsc
b053b5d46c3f42c6167312a640f0b73972c2e8c9e87405e5559e3fb91fd5fe89 467700
samba_4.13.13+dfsg-1~deb11u3.debian.tar.xz
Files:
1241d6789653e4eea6b82fa627468dda 4514 net optional
samba_4.13.13+dfsg-1~deb11u3.dsc
e25800062ba55e437c3e036c6e023a89 467700 net optional
samba_4.13.13+dfsg-1~deb11u3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmH8RsRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EhxQQAJv0xn6HV0bmHW4BvocvQ+fkei30Qs3x
mnGRMlIJo/3zRjr/813Ia9ZiFSBT/TTvxnvlr+1Fk+zJSRALpyoXtqQ/GXpwOa10
eEX5AK9rwBm5XAVK45OchrrX4yXYcqG8/SRZzcJo/RDJApTBYM2zSS5LOkfX0xE+
m+GqTPbp1PHFDe2BJnQZnt1hhtIVaNvGP/Mf/6OWqjWUlRPGhp9AgjUr+ffPGtx3
0HIZ61GRB0Uxr3mgRQvhzWZJYQ+/XU6hMNS+EBV9NbXIQY+XOOiRLagZlYi4I52a
42RcCi+6gXjPwIrJqSsSZTOafSZQox3sszEohBcH1gN0htFI3KfmzEdZWyIoaX2Y
GTRckvx9bG+WgPyVESSS+gBGBwQgx9hg2Ae0an5C8PpcmFECcl7b+meiNwVqF3MR
+LuIRvlC2cgv2PUMXfoedsA98UVkLGxSJk9MJ+1Gsldhy6EhdSjQqsLIKkYmf7Yj
oFJFJ6np2u7j7HAUEZrAXmuEm+vJW62VuhE5f1ZKyhI0D4u7Sus2pr3+5hdEc8m0
HCcgcgbkuxxan+N+5WM+s3OngZQAWxNEPVtszxu/TpRNcLF9122lcrmiVYWmj5uz
f81juB9L5VBCuUMQBO7FBS87XJ4tfqmIfL1gTOiAmAU+lwYXI9Jy43s/XU7hTbtf
7kiZHZ4gcsk+
=lSxZ
-----END PGP SIGNATURE-----
--- End Message ---