[SCM] Samba Website Repository - branch master updated

Lars Müller lmuelle at samba.org
Wed Mar 27 09:16:43 MDT 2013 

The branch, master has been updated
       via  73cdbcd Add CVE-2013-0454 page
      from  91d4fb8 Update latest stable release.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 73cdbcdc0605cd76e4f9a3846f68eb3bf65a0aab
Author: Lars Müller <lars at samba.org>
Date:   Wed Mar 27 16:16:30 2013 +0100

    Add CVE-2013-0454 page

-----------------------------------------------------------------------

Summary of changes:
 security/CVE-2013-0454.html |   42 ++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 42 insertions(+), 0 deletions(-)
 create mode 100644 security/CVE-2013-0454.html


Changeset truncated at 500 lines:

diff --git a/security/CVE-2013-0454.html b/security/CVE-2013-0454.html
new file mode 100644
index 0000000..6137b10
--- /dev/null
+++ b/security/CVE-2013-0454.html
@@ -0,0 +1,42 @@
+===========================================================
+== Subject:     A writable configured share might get read only
+==
+== CVE ID#:     CVE-2013-0454
+==
+== Versions:    Samba 3.6.0 - 3.6.5 (inclusive)
+==
+== Summary:     A share configuration 'read only = no' might result
+==              in 'read only = yes'
+==
+===========================================================
+
+===========
+Description
+===========
+
+Due to a assignment vs equality bug a share reference might get
+overwritten.  This can lead to 'read only = no' from another share to
+leak into a 'read only = yes' share for a subsequent connections. This
+is a re-evaluation of an already fixed bug.
+
+==========
+Workaround
+==========
+
+Update to 3.6.6 or apply
+http://git.samba.org/?p=samba.git;a=commit;h=15a423bf373a8116a0de7a627eaaea3932541e88
+
+==================
+Patch Availability
+==================
+
+See above.
+
+=======
+Credits
+=======
+
+The release of this information was driven by Ulf Troppens of IBM
+February, 19th 2013.
+
+The required patch got written by Michael Adam 1st of February 2013.


-- 
Samba Website Repository

More information about the samba-cvs mailing list