Subject: CVS commit: [pkgsrc-2011Q2] pkgsrc/net/samba33
From: Steven Drake
Date: 2011-07-27 08:38:30
Message id: 20110727063830.6382B175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3479 - requested by taca
net/samba33 security update.

Revisions pulled up:
- net/samba33/Makefile                                          1.15
- net/samba33/distinfo                                          1.7
- net/samba33/patches/patch-af                                  1.2

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Jul 27 00:53:37 UTC 2011

   Modified Files:
   	pkgsrc/net/samba33: Makefile distinfo
   	pkgsrc/net/samba33/patches: patch-af

   Log Message:
   Update samba33 package to 3.3.16; security fix for swat.

                      ==============================
                      Release Notes for Samba 3.3.16
   		           July 26, 2011
                      ==============================

   This is a security release in order to address
   CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
   CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).

   o  CVE-2011-2522:
      The Samba Web Administration Tool (SWAT) in Samba versions
      3.0.x to 3.5.9 are affected by a cross-site request forgery.

   o  CVE-2011-2694:
      The Samba Web Administration Tool (SWAT) in Samba versions
      3.0.x to 3.5.9 are affected by a cross-site scripting
      vulnerability.

   Please note that SWAT must be enabled in order for these
   vulnerabilities to be exploitable. By default, SWAT
   is *not* enabled on a Samba install.

   Changes since 3.3.15
   --------------------

   o   Kai Blin <kai@samba.org>
       * BUG 8289: SWAT contains a cross-site scripting vulnerability.
       * BUG 8290: CSRF vulnerability in SWAT.
Files:
RevisionActionfile
1.14.2.1modifypkgsrc/net/samba33/Makefile
1.6.4.1modifypkgsrc/net/samba33/distinfo
1.1.1.1.12.1modifypkgsrc/net/samba33/patches/patch-af