./net/samba35, SMB/CIFS protocol server suite

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2011Q2, Version: 3.5.10, Package name: samba-3.5.10, Maintainer: pkgsrc-users
Required to run:
[devel/readline] [devel/popt]

Required to build:
[devel/gmake]

Package options: ads, ldap, pam, winbind

Master sites: (Expand)

SHA1: de63b1a7e2fa6bcae91dbf7d2cbdfb38d0f97c00
RMD160: 8dd4c500b0c967d70e750830443ea3c4f1d864b9
Filesize: 30032.906 KB

Version history: (Expand)


CVS history: (Expand)


   2011-07-27 08:37:42 by Steven Drake | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #3478 - requested by taca
net/samba35 security update.

Revisions pulled up:
- net/samba35/Makefile                                          1.8
- net/samba35/distinfo                                          1.5

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Jul 27 00:52:20 UTC 2011

   Modified Files:
   	pkgsrc/net/samba35: Makefile distinfo

   Log message:
   Update samba35 pacakge to 3.5.10; security fix for swat.

                      ==============================
                      Release Notes for Samba 3.5.10
   			   July 26, 2011
                      ==============================

   This is a security release in order to address
   CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
   CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).

   o  CVE-2011-2522:
      The Samba Web Administration Tool (SWAT) in Samba versions
      3.0.x to 3.5.9 are affected by a cross-site request forgery.

   o  CVE-2011-2694:
      The Samba Web Administration Tool (SWAT) in Samba versions
      3.0.x to 3.5.9 are affected by a cross-site scripting
      vulnerability.

   Please note that SWAT must be enabled in order for these
   vulnerabilities to be exploitable. By default, SWAT
   is *not* enabled on a Samba install.

   Changes since 3.5.9:
   --------------------

   o   Kai Blin <kai@samba.org>
       * BUG 8289: SWAT contains a cross-site scripting vulnerability.
       * BUG 8290: CSRF vulnerability in SWAT.