Your message dated Thu, 20 Jun 2019 09:44:59 +0200
with message-id
<CAFX5sbx=bE17jFKLwuaE=fjV8=l8nkqez2zy_f8p7kz-jch...@mail.gmail.com>
and subject line Re: [Pkg-samba-maint] Bug#930748: samba: CVE-2019-12435: Samba
AD DC Denial of Service in DNS management server (dnsserver)
has caused the Debian Bug report #930748,
regarding samba: CVE-2019-12435: Samba AD DC Denial of Service in DNS
management server (dnsserver)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
930748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930748
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: samba
Version: 2:4.9.5+dfsg-4
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for samba.
CVE-2019-12435[0]:
| Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer
| dereference, leading to Denial of Service. This is related to the AD
| DC DNS management server (dnsserver) RPC server process.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-12435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435
[1] https://www.samba.org/samba/security/CVE-2019-12435.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 2:4.9.5+dfsg-5
Le mer. 19 juin 2019 à 22:41, Salvatore Bonaccorso <[email protected]> a écrit :
>
> Hey,
>
> On Wed, Jun 19, 2019 at 10:12:15PM +0200, Mathieu Parent wrote:
> > > The following vulnerability was published for samba.
> > >
> > > CVE-2019-12435[0]:
> > > | Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer
> > > | dereference, leading to Denial of Service. This is related to the AD
> > > | DC DNS management server (dnsserver) RPC server process.
> > >
> > >
> > > If you fix the vulnerability please also make sure to include the
> > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > >
> > > For further information see:
> > >
> > > [0] https://security-tracker.debian.org/tracker/CVE-2019-12435
> > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12435
> > > [1] https://www.samba.org/samba/security/CVE-2019-12435.html
> >
> > I've just created a pre-approval unblock request to choose between
> > uploading 4.9.9 (including stability fixes) or 4.9.5+patch.
>
> Ack! Thank you Mathieu.
I've uploaded 2:4.9.5+dfsg-5 with only targeted fixes.
But I forgot to add the Closes:. CLosing now.
Regards
--
Mathieu Parent
--- End Message ---
