[SCM] Samba Shared Repository - branch v3-4-test updated
Karolin Seeger
kseeger at samba.org
Thu Aug 18 13:20:23 MDT 2011
The branch, v3-4-test has been updated
via cf451d4 WHATSNEW: Update release notes.
from b941edf s3/swat: use strlcat instead of strncat to fix build on old Linux distros
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit cf451d4710a073888cd1e30b88c6f03a1f49d19c
Author: Karolin Seeger <kseeger at samba.org>
Date: Sun Jul 24 21:24:27 2011 +0200
WHATSNEW: Update release notes.
Karolin
(cherry picked from commit 315437d3d5a503b2d17c8a01f0e2c088febb041a)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 27 ++++++++++++++++++++++-----
1 files changed, 22 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index abb8cd7..890d002 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -41,21 +41,38 @@ Release notes for older versions follow:
==============================
Release Notes for Samba 3.4.14
- , 2011
+ July 26, 2011
==============================
-This is the latest stable release of Samba 3.4.
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
+
+
+o CVE-2011-2522:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site request forgery.
+
-Major enhancements in Samba 3.4.14 include:
+o CVE-2011-2694:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site scripting
+ vulnerability.
+
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
-o
Changes since 3.4.13
--------------------
-o
+o Kai Blin <kai at samba.org>
+ * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+ * BUG 8290: CSRF vulnerability in SWAT.
+
######################################################################
Reporting bugs & Development Discussion
--
Samba Shared Repository
More information about the samba-cvs
mailing list