[SCM] Samba Shared Repository - annotated tag samba-4.0.13 created

Karolin Seeger kseeger at samba.org
Sun Dec 8 22:10:06 MST 2013


The annotated tag, samba-4.0.13 has been created
        at  32e064da9e3332c17156988fe2cd1e245af59781 (tag)
   tagging  b0574ae788d3379915996fb5bd0db2721f0634cd (commit)
  replaces  samba-4.0.12
 tagged by  Karolin Seeger
        on  Fri Dec 6 20:08:22 2013 +0100

- Log -----------------------------------------------------------------
samba: tag release samba-4.0.13

Jeremy Allison (4):
      CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply.
      CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
      CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
      CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked.

Karolin Seeger (3):
      VERSION: Bump version number up to 4.0.13...
      WHATSNEW: Add release notes for Samba 4.0.13.
      VERSION: Disable git snapshots for the 4.0.13 release.

Noel Power (1):
      CVE-2012-6150: fail authentication for single group name which cannot be converted to sid

Stefan Metzmacher (12):
      CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_done()
      CVE-2013-4408:librpc: check for invalid frag_len within dcerpc_read_ncacn_packet_next_vector()
      CVE-2013-4408:s3:rpc_client: check for invalid frag_len in dcerpc_pull_ncacn_packet()
      CVE-2013-4408:s3:rpc_client: verify frag_len at least contains the header size
      CVE-2013-4408:s4:dcerpc: check for invalid frag_len in ncacn_pull()
      CVE-2013-4408:s4:dcerpc_smb: check for invalid frag_len in send_read_request_continue()
      CVE-2013-4408:s4:dcerpc_smb2: check for invalid frag_len in send_read_request_continue()
      CVE-2013-4408:s4:dcerpc_sock: check for invalid frag_len within sock_complete_packet()
      CVE-2013-4408:async_sock: add some overflow detection to read_packet_handler()
      CVE-2013-4408:s3:util_tsock: add some overflow detection to tstream_read_packet_done()
      CVE-2013-4408:libcli/util: add some size verification to tstream_read_pdu_blob_done()
      CVE-2013-4408:s3:ctdb_conn: add some length verification to ctdb_packet_more()

-----------------------------------------------------------------------


-- 
Samba Shared Repository

