That new version was uploaded to fix a security issue that was unveiled yesterday and fixed in upstream's 3.2.7.
The applied patch, for the security issue, is attached to this mail.
I also fixed two other issues (one spurious file noticed by Dato in
last upload and a documentation-related fix).
Changelog:
samba (2:3.2.5-3) unstable; urgency=high
* Security update
* Fix Potential access to "/" in setups with registry shares enabled
This fixes CVE-2009-0022, backported from 3.2.7
* Fix links in HTML documentation index file.
Closes: #508388
* Drop spurious docs-xml/smbdotconf/parameters.global.xml.new
file in the diff. Thanks to the release managers for spotting it
-- Christian Perrier <[email protected]> Sun, 21 Dec 2008 08:09:31 +0100
Goal: Fix Potential access to "/" in setups with registry shares enabled Fixes: CVE-2009-0022 Status wrt upstream: Fixed in 3.2.7 Author: Michael Adam <[email protected]> Note: Index: samba-3.2.5/source/smbd/service.c =================================================================== --- samba-3.2.5.orig/source/smbd/service.c +++ samba-3.2.5/source/smbd/service.c @@ -235,6 +235,10 @@ return -1; } + if ((servicename == NULL) || (*servicename == '\0')) { + return -1; + } + if (strequal(servicename, GLOBAL_NAME)) { return -2; }
signature.asc
Description: Digital signature
