[Announce] Samba 3.5.7, 3.4.12 and 3.3.15 Security Releases Available

Christian PERRIER bubulle at debian.org
Mon Feb 28 23:12:12 MST 2011

Quoting Karolin Seeger (kseeger at samba.org):
> Release Announcements
> =====================
> Samba 3.5.7, 3.4.12 and 3.3.15 are security releases in order to
> address CVE-2011-0719.

Debian addressed these in security updates:

- 2:3.2.5-4lenny14 for Debian "lenny"
- 2:3.5.6~dfsg-3squeeze1 for Debian "squeeze"

Please note that the latter is indeed samba 3.5.7 as the difference
between 3.5.6 and 3.5.7 is only the security fix. I opened the
discussion with the Debian security team to decide whether, in the
future, we could be allowed to use the official upstream version
number (to avoid misunderstandings, from our users, about the
"vulnerability" of our packages.

I use this opportunity to thank the Samba Team for their quick and
efficient communication with 'vendors' about this issue, that allowed us
to publish these security updates the very same day the issue was
officially unveiled.

Specifically, even though the 3.2 branch isn't officially supported
security-wise by the Samba Team, we got ready-to-apply patches for 3.2
and these were a great help.

More information about the samba-technical mailing list