Quoting Karolin Seeger ([email protected]):
> o CVE-2009-0022
>   In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,
>   access to the root filesystem ("/") is granted
>   when connecting to a share called "" (empty string)
>   using old versions of smbclient (before 3.0.28).

The Debian Samba packaging team uploaded 2:3.2.5-3 packages yesterday in Debian unstable. They include the fix for CVE-2009-0022. These packages should enter Debian lenny (the next-to-come Debian release) very soon.

Please note that 3.2.7 packages will not be provided in Debian lenny. Because of the freeze in preparation for lenny, we stopped the counter at 3.2.5.

We however provide *unofficial* packages of 3.2.6 (and soon 3.2.7) as announced in http://www.perrier.eu.org/weblog/2008/12/21#samba-backports (again, this is not an official service by Debian, only a courtesy service by the packagers, on a best effort basis).
