[SCM] Samba Shared Repository - branch v3-5-test updated
Karolin Seeger
kseeger at samba.org
Tue Aug 2 13:20:48 MDT 2011
The branch, v3-5-test has been updated
via dbc7962 WHATSNEW: Sync with v3-5-stable.
from 490986a Fix bug 7462 - Non-standard SA_RESETHAND is used in ...lib/tevent/tevent_sig
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit dbc79629716c0a4e3394504ec9a53c6ef5946c87
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Aug 2 21:19:36 2011 +0200
WHATSNEW: Sync with v3-5-stable.
Karolin
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 50 +++++++++++++++++++-------------------------------
1 files changed, 19 insertions(+), 31 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 94c9b0d..aa6885e 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -43,49 +43,37 @@ Release notes for older releases follow:
==============================
Release Notes for Samba 3.5.10
- July 12, 2011
+ July 26, 2011
==============================
-This is the latest stable release of Samba 3.5.
-
-Major enhancements in Samba 3.5.10 include:
-
-o Fix access to Samba shares when Windows security patch KB2536276 is installed
- (bug #7460).
-o Fix DoS in Winbind and smbd with many file descriptors open (bug #7949).
-o Fix Winbind panics if verify_idpool() fails (bug #8253).
-
-
-Changes since 3.5.9:
---------------------
-
-o Jeremy Allison <jra at samba.org>
- * BUG 8254: Make "acl check permissions = no" working in all cases.
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
-o Gregor Beck <gbeck at sernet.de>
- * BUG 8253: Fix Winbind panics if verify_idpool() fails.
+o CVE-2011-2522:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site request forgery.
-o David Disseldorp <ddiss at suse.de>
- * BUG 8269: Stop spamming log with "Could not find child X -- ignoring"
- messages in smbd.
-
+o CVE-2011-2694:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site scripting
+ vulnerability.
-o Björn Jacke <bj at sernet.de>
- * BUG 7460: Include sys/file.h only when available.
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
-o Volker Lendecke <vl at samba.org>
- * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids().
- * BUG 8238: Fix access to Samba shares when Windows security patch
- KB2536276 is installed.
+Changes since 3.5.9:
+--------------------
-o Stefan Metzmacher <metze at samba.org>
- * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
- * BUG 8276: Close all sockets attached to a subnet in close_subnet().
+o Kai Blin <kai at samba.org>
+ * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+ * BUG 8290: CSRF vulnerability in SWAT.
######################################################################
--
Samba Shared Repository
More information about the samba-cvs
mailing list