Fix for CVE-2013-4475 missing in Samba-3.5 series

Jeremy Allison jra at
Mon Jan 20 16:23:24 MST 2014

On Fri, Jan 17, 2014 at 07:44:48AM +0000, V S, Nagendra (Nonstop Filesystems Team) wrote:
> Hi,
> I was porting the recent samba CVE (CVE-2013-4408) to NonStop, while at it observed that fix for CVE-2013-4475 was not present in Samba-3.5.22 version. Can you please let me know if this is intentional? (i.e CVE-2013-4475 is not applicable to 3.5 series)

3.5.22 was released before CVE-2013-4408 was discovered.

3.5.x is out of maintenance, so we won't be releasing
a 3.5.23 for this. The patch against 3.5.22 is available
on the bug report, if you need to create a product using


More information about the samba-technical mailing list