* [Buildroot] [PATCH] package/samba4: security bump to version 4.9.6
@ 2019-04-08 10:49 Peter Korsgaard
  2019-04-10 14:00 ` Thomas Petazzoni
  2019-04-14 21:29 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Peter Korsgaard @ 2019-04-08 10:49 UTC (permalink / raw)
  To: buildroot

Fixes the following security vulnerabilities:

 - CVE-2019-3870:
   During the provision of a new Active Directory DC, some files in the private/
   directory are created world-writable.
   https://www.samba.org/samba/security/CVE-2019-3870.html

 - CVE-2019-3880:
   Authenticated users with write permission can trigger a symlink traversal to
   write or detect files outside the Samba share.
   https://www.samba.org/samba/security/CVE-2019-3880.html

For more details, see the release notes:
https://www.samba.org/samba/history/samba-4.9.6.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/samba4/samba4.hash | 4 ++--
 package/samba4/samba4.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/samba4/samba4.hash b/package/samba4/samba4.hash
index 70cea4809b..7762456cfd 100644
--- a/package/samba4/samba4.hash
+++ b/package/samba4/samba4.hash
@@ -1,4 +1,4 @@
 # Locally calculated after checking pgp signature
-# https://download.samba.org/pub/samba/stable/samba-4.9.5.tar.asc
-sha256 078956d2d98e22011265afd4b7221efe4861067dcba4a031583b01f34d423700  samba-4.9.5.tar.gz
+# https://download.samba.org/pub/samba/stable/samba-4.9.6.tar.asc
+sha256 c9205a651a83d69e200fec9dd65e9fa360f0c75ab3275b3dcb74e5cbaec60807  samba-4.9.6.tar.gz
 sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
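Review bot: the comment above the new sha256 line points at samba-4.9.6.tar.asc, which is named for the uncompressed tarball, while the hash recorded below it is for samba-4.9.6.tar.gz. Consider stating in the comment that the signature was checked against the decompressed .tar, so that anyone re-verifying this entry knows to decompress first rather than running the signature check on the .tar.gz and seeing it fail.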
diff --git a/package/samba4/samba4.mk b/package/samba4/samba4.mk
index 9b226a0e05..3f16b5be4a 100644
--- a/package/samba4/samba4.mk
+++ b/package/samba4/samba4.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SAMBA4_VERSION = 4.9.5
+SAMBA4_VERSION = 4.9.6
 SAMBA4_SITE = https://download.samba.org/pub/samba/stable
 SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
 SAMBA4_INSTALL_STAGING = YES
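Review bot: the SAMBA4_VERSION line is the only change in this hunk, and the commit message describes CVE-2019-3870 as files in private/ being created world-writable at provision time, so the message should say whether a DC already provisioned with 4.9.5 keeps those permissions after the update. If it does, a one-line note in the commit message telling users to check the modes under private/ on existing targets would make the bump actionable for them.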
-- 
2.11.0


* [Buildroot] [PATCH] package/samba4: security bump to version 4.9.6
  2019-04-08 10:49 [Buildroot] [PATCH] package/samba4: security bump to version 4.9.6 Peter Korsgaard
@ 2019-04-10 14:00 ` Thomas Petazzoni
  2019-04-14 21:29 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2019-04-10 14:00 UTC (permalink / raw)
  To: buildroot

On Mon,  8 Apr 2019 12:49:52 +0200
Peter Korsgaard <peter@korsgaard.com> wrote:

> Fixes the following security vulnerabilities:
> 
>  - CVE-2019-3870:
>    During the provision of a new Active Directory DC, some files in the private/
>    directory are created world-writable.
>    https://www.samba.org/samba/security/CVE-2019-3870.html
> 
>  - CVE-2019-3880:
>    Authenticated users with write permission can trigger a symlink traversal to
>    write or detect files outside the Samba share.
>    https://www.samba.org/samba/security/CVE-2019-3880.html
> 
> For more details, see the release notes:
> https://www.samba.org/samba/history/samba-4.9.6.html
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/samba4/samba4.hash | 4 ++--
>  package/samba4/samba4.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


* [Buildroot] [PATCH] package/samba4: security bump to version 4.9.6
  2019-04-08 10:49 [Buildroot] [PATCH] package/samba4: security bump to version 4.9.6 Peter Korsgaard
  2019-04-10 14:00 ` Thomas Petazzoni
@ 2019-04-14 21:29 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2019-04-14 21:29 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security vulnerabilities:
 >  - CVE-2019-3870:
 >    During the provision of a new Active Directory DC, some files in the private/
 >    directory are created world-writable.
 >    https://www.samba.org/samba/security/CVE-2019-3870.html

 >  - CVE-2019-3880:
 >    Authenticated users with write permission can trigger a symlink traversal to
 >    write or detect files outside the Samba share.
 >    https://www.samba.org/samba/security/CVE-2019-3880.html

 > For more details, see the release notes:
 > https://www.samba.org/samba/history/samba-4.9.6.html

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2019.02.x, thanks.

-- 
Bye, Peter Korsgaard
