[SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses

Christian Perrier bubulle at debian.org
Wed May 28 16:07:32 GMT 2008

Quoting Gerald (Jerry) Carter (jerry at samba.org):

> The time line is as follows:
> * May 15, 2008: Initial report to security at samba.org.
> * May 15, 2008: First response from Samba developers confirming
>   the bug along with a proposed patch.
> * May 28, 2008: Public security advisory made available.

Please understand this as a constructive remark, but was there a reason
to unveil the issue to "vendors" (including /me and Debian coworkers)
as late as May 27th?

For the previous security issues, a few months ago, the time we had to
develop updates was slightly longer....which is pretty important for

Of course, and again, no finger pointing here. I have a too deep
respect for the work of the Samba Team and the great communication we
have with you people...I know there is certainly a reason for the late
unveil and would just like to hear about it.

More information about the samba-technical mailing list