Subject: CVS commit: pkgsrc/net/samba4
From: Takahiro Kambe
Date: 2023-04-01 10:49:05
Message id: 20230401084905.444DDFA81@cvs.NetBSD.org

Log Message:
net/samba4: update to 4.17.7

                   ==============================
                   Release Notes for Samba 4.17.7
                           March 29, 2023
                   ==============================

This is a security release in order to address the following defects:

o CVE-2023-0225: An incomplete access check on dnsHostName allows authenticated
                 but otherwise unprivileged users to delete this attribute from
                 any object in the directory.
                 https://www.samba.org/samba/security/CVE-2023-0225.html

o CVE-2023-0922: The Samba AD DC administration tool, when operating against a
                 remote LDAP server, will by default send new or reset
                 passwords over a signed-only connection.
                 https://www.samba.org/samba/security/CVE-2023-0922.html

o CVE-2023-0614: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919
                 Confidential attribute disclosure via LDAP filters was
                 insufficient and an attacker may be able to obtain
                 confidential BitLocker recovery keys from a Samba AD DC.
                 Installations with such secrets in their Samba AD should
                 assume they have been obtained and need replacing.
                 https://www.samba.org/samba/security/CVE-2023-0614.html

Files:
Revision  Action  File
1.161     modify  pkgsrc/net/samba4/Makefile
1.91      modify  pkgsrc/net/samba4/distinfo