[SCM] Samba Shared Repository - annotated tag samba-4.7.9 created

Tue, 14 Aug 2018 00:47:41 -0700 

The annotated tag, samba-4.7.9 has been created
        at  056b7ff5e3e8beccc91b1bf0b6e9845da031973f (tag)
   tagging  3e5da7e8878a78da96fbdccd05953c791560a6b5 (commit)
  replaces  samba-4.7.8
 tagged by  Karolin Seeger
        on  Sat Aug 11 22:04:31 2018 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.7.9
-----BEGIN PGP SIGNATURE-----

iEYEABECAAYFAltvQU8ACgkQbzORW2Vot+qbMACgmsGkl5pmrnIKdDIccFotORB8
ztMAn3+WvBP4eZPiZb91gxeHJXjUmJtZ
=8PPP
-----END PGP SIGNATURE-----

Andrew Bartlett (2):
      CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not 
servicePrincipalName is set on a user
      CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check()

Douglas Bagnall (1):
      selftest/tests.py: remove always-needed, never-set with_cmocka flag

Gary Lockyer (1):
      CVE-2018-10919 tests: test ldap searches for non-existent attributes.

Günther Deschner (4):
      CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check()
      CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check().
      CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when 
it is disabled.
      CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is 
disabled via "ntlm auth".

Jeremy Allison (2):
      CVE-2018-10858: libsmb: Ensure smbc_urlencode() can't overwrite passed in 
buffer.
      CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns 
from malicious servers.

Karolin Seeger (3):
      VERSION: Bump version up to 4.7.9...
      WHATSNEW: Add release notes for Samba 4.7.9.
      VERSION: Disable GIT_SNAPSHOT for the 4.7.9 release.

Tim Beale (10):
      CVE-2018-10919 security: Move object-specific access checks into separate 
function
      CVE-2018-10919 security: Add more comments to the object-specific access 
checks
      CVE-2018-10919 tests: Add tests for guessing confidential attributes
      CVE-2018-10919 tests: Add test case for object visibility with limited 
rights
      CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS 
rights
      CVE-2018-10919 acl_read: Split access_mask logic out into helper function
      CVE-2018-10919 acl_read: Small refactor to aclread_callback()
      CVE-2018-10919 acl_read: Flip the logic in the dirsync check
      CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches
      CVE-2018-10919 tests: Add extra test for dirsync deleted object 
corner-case

-----------------------------------------------------------------------


-- 
Samba Shared Repository

Reply via email to