[SCM] Samba Shared Repository - branch v3-5-test updated

Tue Aug 2 13:20:48 MDT 2011

The branch, v3-5-test has been updated
       via  dbc7962 WHATSNEW: Sync with v3-5-stable.
      from  490986a Fix bug 7462 - Non-standard SA_RESETHAND is used in ...lib/tevent/tevent_sig

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit dbc79629716c0a4e3394504ec9a53c6ef5946c87
Author: Karolin Seeger <kseeger at samba.org>
Date:   Tue Aug 2 21:19:36 2011 +0200

    WHATSNEW: Sync with v3-5-stable.
    
    Karolin

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt |   50 +++++++++++++++++++-------------------------------
 1 files changed, 19 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 94c9b0d..aa6885e 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -43,49 +43,37 @@ Release notes for older releases follow:
 
                    ==============================
                    Release Notes for Samba 3.5.10
-			   July 12, 2011
+			   July 26, 2011
                    ==============================
 
 
-This is the latest stable release of Samba 3.5.
-
-Major enhancements in Samba 3.5.10 include:
-
-o  Fix access to Samba shares when Windows security patch KB2536276 is installed
-   (bug #7460).
-o  Fix DoS in Winbind and smbd with many file descriptors open (bug #7949).
-o  Fix Winbind panics if verify_idpool() fails (bug #8253).
-
-
-Changes since 3.5.9:
---------------------
-
-o   Jeremy Allison <jra at samba.org>
-    * BUG 8254: Make "acl check permissions = no" working in all cases.
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
 
 
-o   Gregor Beck <gbeck at sernet.de>
-    * BUG 8253: Fix Winbind panics if verify_idpool() fails.
+o  CVE-2011-2522:
+   The Samba Web Administration Tool (SWAT) in Samba versions
+   3.0.x to 3.5.9 are affected by a cross-site request forgery.
 
 
-o   David Disseldorp <ddiss at suse.de>
-    * BUG 8269: Stop spamming log with "Could not find child X -- ignoring"
-      messages in smbd.
-
+o  CVE-2011-2694:
+   The Samba Web Administration Tool (SWAT) in Samba versions
+   3.0.x to 3.5.9 are affected by a cross-site scripting
+   vulnerability.
 
-o   Björn Jacke <bj at sernet.de>
-    * BUG 7460: Include sys/file.h only when available.
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
 
 
-o   Volker Lendecke <vl at samba.org>
-    * BUG 7841: Explicitly pass domain_sid to wbint_LookupRids().
-    * BUG 8238: Fix access to Samba shares when Windows security patch
-      KB2536276 is installed.
+Changes since 3.5.9:
+--------------------
 
 
-o   Stefan Metzmacher <metze at samba.org>
-    * BUG 7949: Fix DoS in Winbind and smbd with many file descriptors open.
-    * BUG 8276: Close all sockets attached to a subnet in close_subnet().
+o   Kai Blin <kai at samba.org>
+    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+    * BUG 8290: CSRF vulnerability in SWAT.
 
 
 ######################################################################


-- 
Samba Shared Repository
