Path to this page:
./
net/samba33,
SMB/CIFS protocol server suite
Branch: pkgsrc-2011Q2,
Version: 3.3.16,
Package name: samba-3.3.16,
Maintainer: pkgsrc-usersRequired to run:[
devel/readline] [
devel/popt]
Package options: ads, ldap, pam, winbind
Master sites: (Expand)
SHA1: bfb06f2cd88ba6c2fb9d25cabf3b22bf1a402f08
RMD160: 30e181de0e5399503cad3e09f3dd172a0fc6a011
Filesize: 24967.466 KB
Version history: (Expand)
- (2011-08-05) Package added to pkgsrc.se, version samba-3.3.16 (created)
CVS history: (Expand)
2011-07-27 08:38:30 by Steven Drake | Files touched by this commit (3) | |
Log message:
Pullup ticket #3479 - requested by taca
net/samba33 security update.
Revisions pulled up:
- net/samba33/Makefile 1.15
- net/samba33/distinfo 1.7
- net/samba33/patches/patch-af 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 27 00:53:37 UTC 2011
Modified Files:
pkgsrc/net/samba33: Makefile distinfo
pkgsrc/net/samba33/patches: patch-af
Log message:
Update samba33 package to 3.3.16; security fix for swat.
==============================
Release Notes for Samba 3.3.16
July 26, 2011
==============================
This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
o CVE-2011-2522:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site request forgery.
o CVE-2011-2694:
The Samba Web Administration Tool (SWAT) in Samba versions
3.0.x to 3.5.9 are affected by a cross-site scripting
vulnerability.
Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.
Changes since 3.3.15
--------------------
o Kai Blin <kai@samba.org>
* BUG 8289: SWAT contains a cross-site scripting vulnerability.
* BUG 8290: CSRF vulnerability in SWAT.
|