Hi list,

"Thu, 7 Oct 2004 09:45:17 +0200 (CEST)", "Martin Schulze"
"[SECURITY] [DSA 600-1] New samba packages fix arbitrary file access"

>Package : samba
>Vulnerability : arbitrary file access
>Problem-Type : remote
>Debian-specific: no
>CVE ID : CAN-2004-0815

This is the fix for the latest vulnerability, which was fixed in upstream version 2.2.12 (http://www.samba.org/samba/news/releases/#security_2.2.12), but how about the fix for the previous buffer overflow vulnerabilities (CAN-2004-0600, CAN-2004-0686)?

I think those are more dangerous than the vulnerability fixed in DSA 600-1, because this DSA 600-1 issue can be avoided by editing smb.conf as a workaround.

I saw the post in the BTS, but it seems to have been left since July... (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260838)

Does anyone know about this issue?

--
Regards,
Hideki Yamane <henrich @ samba.gr.jp/iijmio-mail.jp>
Key fingerprint = 4555 82ED 38B6 C870 E099 388C 22ED 21CB C4C7 264B

