Thanks Mathieu. I referenced it in our dla-needed.txt task list. A member of the LTS team will look into it.

Cheers!
Sylvain

On 08/04/2019 11:10, Mathieu Parent wrote:
> Dear LTS maintainers,
>
> See attached patch for CVE-2019-3880 in samba.
> Don't know if it applies cleanly.
>
> Regards
>
> Mathieu Parent
>
> ---------- Forwarded message ---------
> From: Sebastien Delafond <s...@debian.org>
> Date: Mon, 8 Apr 2019 at 10:27
> Subject: [SECURITY] [DSA 4427-1] samba security update
> To: <debian-security-annou...@lists.debian.org>
>
>
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-4427-1                   secur...@debian.org
> https://www.debian.org/security/                       Sebastien Delafond
> April 08, 2019                        https://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package        : samba
> CVE ID         : CVE-2019-3880
>
> Michael Hanselmann discovered that Samba, a SMB/CIFS file, print, and
> login server for Unix, was vulnerable to a symlink traversal
> attack. It would allow remote authenticated users with write
> permission to either write or detect files outside of Samba shares.
>
> For the stable distribution (stretch), this problem has been fixed in
> version 2:4.5.16+dfsg-1+deb9u1.
>
> We recommend that you upgrade your samba packages.
>
> For the detailed security status of samba please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/samba
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-annou...@lists.debian.org