Subject: CVS commit: pkgsrc/net/samba
From: Takahiro Kambe
Date: 2014-06-24 16:06:30
Message id: 20140624140630.1F3DB96@cvs.netbsd.org
Log Message:
Update samba to 3.6.24, security release.

                   ==============================
                   Release Notes for Samba 3.6.24
                           June 23, 2014
                   ==============================

This is a security release in order to address
CVE-2014-0244 (Denial of service - CPU loop) and
CVE-2014-3493 (Denial of service - Server crash/memory corruption).

o  CVE-2014-0244:
   All current released versions of Samba are vulnerable to a denial of
   service on the nmbd NetBIOS name services daemon. A malformed packet
   can cause the nmbd server to loop the CPU and prevent any further
   NetBIOS name service.

   This flaw is not exploitable beyond causing the code to loop expending
   CPU resources.

o  CVE-2014-3493:
   All current released versions of Samba are affected by a denial of service
   crash involving overwriting memory on an authenticated connection to the
   smbd file server.
Files:
RevisionActionfile
1.251modifypkgsrc/net/samba/Makefile
1.100modifypkgsrc/net/samba/distinfo