Patched 3.0.24 tree for CVE-2007-2444, CVE-2007-2446,
Gerald (Jerry) Carter
jerry at samba.org
Mon May 14 14:12:51 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
As a small means of community service, I've decided to provide
an unofficial patched version of 3.0.24 (tagged as 3.0.24-gc-1)
to address the CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
The bzr branch is hosted at
The source tarball is available from
The Fedora Core 6 RPMS have been uploaded to
This is it *not* an official release from samba.org and therefore
has been signed with my GPG private key (ID D83511F6). The
security issues have been officially fixed in Samba 3.0.25
upgrade release. However, if you don't want to make the jump
to 3.0.25 just yet, this 3.0.24 based snapshot might be just
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
The Samba 3.0.24-gc-X releases are not official samba.org releases.
They are cut from a privately maintained branch which can be found
This is done as a service to community to include backported fixes
to the Samba 3.0.24 release in case people do not wish to upgrade.
The 3.0.24-gc-X tree is not an active development tree but rather
a stable release branch similar to the Linux kernel 2.6.xx.yy releases.
My hope is that this will be helpful to some people.
More information about Samba.org official production releases
may be found at http://www.samba.org/.
<jerry at samba.org>
Changes in 3.0.24-gc-1:
* Merged patches for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
(More information available at http://www.samba.org/samba/security/)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical