[Samba] Debian release version numbers for the April 2016 sec release

Rowland penny rpenny at samba.org
Fri Apr 15 20:20:59 UTC 2016 

On 15/04/16 21:06, Andrew Bartlett wrote:
> On Fri, 2016-04-15 at 15:31 +0100, Rowland penny wrote:
>> On 15/04/16 14:54, L.P.H. van Belle wrote:
>>> Yeah, i have an output of log level 10 while i do a wbinfo -u.
>>>
>>> As for the packages below.
>>> 4.1.17, yes, im upgrading these as we speak, but now on hold due to
>>> this problem.
>>>
>>> 4.2.20 .. error typo, is Version 4.2.10-Debian
>>>
>>> 4.3.7.. yeah, but 4.3.8 is not in debian, the 4.3.7 is the package
>>> version debian used for the latest CVE fixes.
>> OK, just who in Debian cannot read ??? :-D
> Rowland, please take more care in your statements.

OK, now I must take you to task Andrew, I was confused, the Samba 
history web page clearly says 'do not use' but debian seems to be using 
the versions that have that epitath, so I said ( in a jocular way, there 
is a laughing smiley at the end) 'OK, just who in Debian cannot read 
???' if that upsets you, well sorry, but it was not meant in that tone.

A quick post to the Samba mailing explaining everything just after the 
CVE release was all that was required, but it seems that you had to A) 
confuse me and then B) get upset yourself by my jocular comment before 
you released the info.

Again I apologise if I have upset you in any way, but before your posts 
tonight, I was very confused by the fact that debian seemed to be using 
versions it shouldn't.

Rowland

>
>> If you look here: https://www.samba.org/samba/history/
>>
>> It clearly says 'samba-4.3.7 (do not use)' .
>>
>> Not to say this is the problem, but it cannot be helping.
> This is entirely and totally unrelated.
>
> The regression fixed in the 4.3.8 package is in a patch already
> included in Debian's 4.3.7, as they were substantially prepared before
> the new tarballs were provided.  Given deadlines and workload before a
> fixed embargo release time, the of the *eight* packages released
> (including backports of tdb, talloc, ldb and tevent), the three Samba
> package for which a late re-release was made were deliberately not re
> -made with the new version number.
>
> I hope this clarifies things.
>
> Andrew Bartlett
>

More information about the samba mailing list