[SAMBA4] Is it affected by CVE-2008-1105?
Andrew Bartlett
abartlet at samba.org
Thu May 29 12:30:10 GMT 2008
On Thu, 2008-05-29 at 07:46 +0200, Christian Perrier wrote:
> As Jelmer prepared some Debian packages for samba4 (which I have to
> upload after the heat with samba3 security issues cools down), I feel
> like I have the duty to ask: is Samba4 affected by that security
> issue?
>
> Even if they're targeted to Debian experimental, I wouldn't like to
> upload vulnerable packages...:)
I would expect not, but have not checked. It is a totally new codebase
in this area, and has a pretty strict focus on bounds checking (but as
always we may find issues regardless...).
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080529/34e5f110/attachment.bin
More information about the samba-technical
mailing list