Re: [Pkg-samba-maint] fixing CVE-2018-1050 in samba 3.3.6

2018-03-22 Thread Andrew Bartlett
e, but I have no idea how to best communicate the latter. This was always a very minor concern, a DoS in a non-default configuration. The patch still applies but the DoS becomes a self-DoS (kill your own connection) unless those options are set (which is rare, in my view). Andrew Bartlett -- Andr

Re: Bug#821811: [Pkg-samba-maint] Bug#821811: samba: badlock patch breaks trust relationship

2016-06-09 Thread Andrew Bartlett
On Thu, 2016-05-26 at 11:40 +0200, Santiago Ruano Rincón wrote: > On 23/05/16 at 22:28, Andrew Bartlett wrote: > > > > On Wed, 2016-05-18 at 15:47 -0400, Antoine Beaupré wrote: > > > > > > On 2016-04-29 08:55:43, Santiago Ruano Rincón wrote: > &

Re: [Pkg-samba-maint] Bug#821811: samba: badlock patch breaks trust relationship

2016-05-23 Thread Andrew Bartlett
nt. I'm happy to review things, just not had the time to switch back on to debian matters. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

Re: spamassassin update

2015-02-02 Thread Andrew Bartlett
et been able to be upgraded. I'm sure there will be difficult calls in the months ahead, particularly where the security part of a patch are difficult to disentangle, and may be better-tested in a broader update. But while we find our feet, it will be much easier to follow a rule of 

Re: eglibc update for GHOST CVE-2015-0235

2015-01-27 Thread Andrew Bartlett
e patch was correctly included. That is, the test in the patch isn't enough to show the issue in the old code. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalys

Re: Bug#762789: proposed fix for ppp CVE-2014-3158

2014-10-15 Thread Andrew Bartlett
On Thu, 2014-10-16 at 02:30 +0200, Marco d'Itri wrote: > On Oct 16, Andrew Bartlett wrote: > > > Thanks. How do you wish to proceed? > I suggest that you just upload the package. Just to be clear, I'm not (yet) a Debian Maintainer, so I don't have upload rights

Re: proposed fix for ppp CVE-2014-3158

2014-10-15 Thread Andrew Bartlett
On Thu, 2014-10-16 at 01:36 +0200, Marco d'Itri wrote: > On Oct 16, Andrew Bartlett wrote: > > > I've prepared a fix for CVE-2014-3158, an integer overflow potentially > > permitting a user in the dip group to abuse the privileges of the setuid > > root ppp

proposed fix for ppp CVE-2014-3158

2014-10-15 Thread Andrew Bartlett
tions also need a fix). This is my first fix for squeeze-lts, so I'm using this lower-impact issue to learn the ropes, so feedback most welcome. I'm also not yet a Debian Maintainer, but will apply for that soon so I can also do the announcement next time. Thanks! Andrew Bartlett --

An introduction: Andrew Bartlett / Catalyst Helping out on Debian LTS

2014-08-31 Thread Andrew Bartlett
amba4 to give us a unified package for samba 4.0 and 4.1). Naturally I still have much to learn, and I look forward to being part of this project. I've applied for access to the secure-testing repo via the alioth project page. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org