[SAMBA4] Is it affected by CVE-2008-1105?

Andrew Bartlett abartlet at samba.org
Thu May 29 12:30:10 GMT 2008

On Thu, 2008-05-29 at 07:46 +0200, Christian Perrier wrote:
> As Jelmer prepared some Debian packages for samba4 (which I have to
> upload after the heat with samba3 security issues cools down), I feel
> like I have the duty to ask: is Samba4 affected by that security
> issue?
> Even if they're targeted to Debian experimental, I wouldn't like to
> upload vulnerable packages...:)

I would expect not, but have not checked.  It is a totally new codebase
in this area, and has a pretty strict focus on bounds checking (but as
always we may find issues regardless...).

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20080529/34e5f110/attachment.bin

More information about the samba-technical mailing list