On Fri, Mar 23, 2018 at 07:03:42AM +1300, Andrew Bartlett wrote:
> > Since (afaics) there is no known exploit I cannot really test this, but
> > I believe 3.6.6-6+deb7u15 is also vulnerable and the ">4.0.0" is only
> > claimed to be non-affected because the samba developers don't support
> > < 4.0.
On Wed, 2018-03-21 at 22:01 +, Holger Levsen wrote:
> Dear samba maintainers,
>
> the fix for CVE-2018-1050 (eg from 4.5.12+dfsg-2+deb9u) applies cleanly
> on 3.6.6-6+deb7u15, however CVE-2018-1050 says that only versions >4.0.0
> are affected.
>
> Since (afaics) there is no known exploit I c
