Path to this page:
Next | Query returned 1 messages, browsing 1 to 10 | previous
CVS Commit History:
2011-07-27 08:37:42 by Steven Drake | Files touched by this commit (2) | |
Log message:
Pullup ticket #3478 - requested by taca
net/samba35 security update.
Revisions pulled up:
- net/samba35/Makefile 1.8
- net/samba35/distinfo 1.5
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 27 00:52:20 UTC 2011
Modified Files:
pkgsrc/net/samba35: Makefile distinfo
Log message:
Update samba35 pacakge to 3.5.10; security fix for swat.
==============================
Release Notes for Samba 3.5.10
July 26, 2011
==============================
This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes since 3.5.9:
--------------------
o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
|
Next | Query returned 1 messages, browsing 1 to 10 | previous