[Samba] [Announce] Samba 4.19.3 Available for Download
Rowland Penny
rpenny at samba.org
Tue Nov 28 08:49:23 UTC 2023
On Tue, 28 Nov 2023 09:26:56 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> Am 27.11.23 um 17:50 schrieb Rowland Penny via samba:
>
> > If you can follow the trail:
> >
> > https://www.samba.org/samba/security/CVE-2018-14628.html
> >
> > Then:
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=13595
> >
> > You would find this at comment 20 from Jule Anger:
> >
> > Pushed to autobuild-v4-{19,18}-test.
> > I will add the section to the release notes and I will include the
> > bug for the next 4.17 security release.
> >
> > 4.18.8 is due on Wednesday
>
> You mean 4.18.9? I already run 4.18.8.
>
> So that manual fix is to be done AFTER 4.18.9? Or could I do it
> already?
>
> I can wait for 4.18.9, sure, just asking. Thanks ...
>
>
Yes, you are correct, the next in the 4.18 line is 4.18.9 , that is
what you get when you receive an email that tells you this:
Samba 4.18.8 is scheduled for Wednesday, November 29 2023.
AND you believe it without checking :-(
As far as I am aware (and what do I know) you need 4.19.3 to have the
code to fix the CVE problem, the same code will be in the next 4.18
version and in any future 4.17 release (date of latter unknown at this
point, may be never if no further security problems come to light).
Lets be honest, the problem has always been there and doesn't really
tell you anything about anything, it just didn't do what Microsoft does.
I will not be worrying about this and will fix this 'problem' when I
can.
Rowland
More information about the samba
mailing list