Patched 3.0.24 tree for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447

Gerald (Jerry) Carter jerry at
Mon May 14 14:12:51 GMT 2007

Hash: SHA1


As a small means of community service, I've decided to provide
an unofficial patched version of 3.0.24 (tagged as 3.0.24-gc-1)
to address the CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
security advisories.

The bzr branch is hosted at

The source tarball is available from

The Fedora Core 6 RPMS have been uploaded to

This is it *not* an official release from and therefore
has been signed with my GPG private key (ID D83511F6).  The
security issues have been officially fixed in Samba 3.0.25
upgrade release.  However, if you don't want to make the jump
to 3.0.25 just yet, this 3.0.24 based snapshot might be just
for you.

cheers, jerry
- --
Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian


The Samba 3.0.24-gc-X releases are not official releases.
They are cut from a privately maintained branch which can be found
This is done as a service to community to include backported fixes
to the Samba 3.0.24 release in case people do not wish to upgrade.

The 3.0.24-gc-X tree is not an active development tree but rather
a stable release branch similar to the Linux kernel 2.6.xx.yy releases.
My hope is that this will be helpful to some people.

More information about official production releases
may be found at

cheers, jerry
Gerald Carter
<jerry at>

Changes in 3.0.24-gc-1:
- -----------------------

* Merged patches for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
  (More information available at
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list