[SCM] Samba Shared Repository - branch v3-4-test updated

Karolin Seeger kseeger at samba.org
Thu Aug 18 13:20:23 MDT 2011


The branch, v3-4-test has been updated
       via  cf451d4 WHATSNEW: Update release notes.
      from  b941edf s3/swat: use strlcat instead of strncat to fix build on old Linux distros

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -----------------------------------------------------------------
commit cf451d4710a073888cd1e30b88c6f03a1f49d19c
Author: Karolin Seeger <kseeger at samba.org>
Date:   Sun Jul 24 21:24:27 2011 +0200

    WHATSNEW: Update release notes.
    
    Karolin
    (cherry picked from commit 315437d3d5a503b2d17c8a01f0e2c088febb041a)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt |   27 ++++++++++++++++++++++-----
 1 files changed, 22 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index abb8cd7..890d002 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -41,21 +41,38 @@ Release notes for older versions follow:
 
                    ==============================
                    Release Notes for Samba 3.4.14
-			  , 2011
+			   July 26, 2011
                    ==============================
 
 
-This is the latest stable release of Samba 3.4.
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
+
+
+o  CVE-2011-2522:
+   The Samba Web Administration Tool (SWAT) in Samba versions
+   3.0.x to 3.5.9 are affected by a cross-site request forgery.
+
 
-Major enhancements in Samba 3.4.14 include:
+o  CVE-2011-2694:
+   The Samba Web Administration Tool (SWAT) in Samba versions
+   3.0.x to 3.5.9 are affected by a cross-site scripting
+   vulnerability.
+
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
 
-o 
 
 Changes since 3.4.13
 --------------------
 
 
-o  
+o   Kai Blin <kai at samba.org>
+    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+    * BUG 8290: CSRF vulnerability in SWAT.
+
 
 ######################################################################
 Reporting bugs & Development Discussion
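Review bot: Both CVE entries have a subject-verb mismatch: the subject is "The Samba Web Administration Tool (SWAT)", so "are affected by" should read "is affected by" in the CVE-2011-2522 and CVE-2011-2694 paragraphs. The entries also name only the vulnerability class and the affected range (3.0.x to 3.5.9). A sentence per CVE on what a forged request or injected script lets an attacker do against a logged-in SWAT user would help administrators judge urgency. Two style points: the added "o   Kai Blin" line puts three spaces after the bullet where the CVE bullets use two, and the "July 26, 2011" line is indented with tabs while the neighbouring banner lines use spaces, so the centering depends on tab width.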


-- 
Samba Shared Repository

