[SCM] Samba Shared Repository - annotated tag samba-4.1.3 created

Karolin Seeger kseeger at samba.org
Sun Dec 8 22:08:14 MST 2013


The annotated tag, samba-4.1.3 has been created
        at  ad0b16dd3228411178dc8af809014c73f0247ae1 (tag)
   tagging  6898c4dbf993889a804e77dd6cb32e0be50f653f (commit)
  replaces  samba-4.1.2
 tagged by  Karolin Seeger
        on  Fri Dec 6 19:49:49 2013 +0100

- Log -----------------------------------------------------------------
samba: tag release samba-4.1.3

Jeremy Allison (4):
      CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply.
      CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
      CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
      CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked.

Karolin Seeger (3):
      VERSION: Bump version number up to 4.1.3...
      WHATSNEW: Add release notes for Samba 4.1.3.
      VERSION: Disable git snapshots for the 4.1.3 release.

Noel Power (1):
      CVE-2012-6150: Fail authentication for single group name which cannot be converted to sid

Stefan Metzmacher (12):
      CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done()
      CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector()
      CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet()
      CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size
      CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull()
      CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue()
      CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue()
      CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet()
      CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()
      CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done()
      CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done()
      CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more()

-----------------------------------------------------------------------


-- 
Samba Shared Repository

