Your message dated Mon, 15 Dec 2025 10:02:29 +0000
with message-id <[email protected]>
and subject line Bug#1122381: fixed in smb4k 4.0.5-1
has caused the Debian Bug report #1122381,
regarding smb4k: CVE-2025-66002 CVE-2025-66003
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
1122381: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122381
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: smb4k
Version: 4.0.4-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for smb4k.

CVE-2025-66002[0]:
| local users can perform arbitrary unmounts via the smb4k mount
| helper due to lack of input validation.

CVE-2025-66003[1]:
| local users can perform a local root exploit via the smb4k mount
| helper if they can access and control the contents of a Samba
| network share.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-66002
    https://www.cve.org/CVERecord?id=CVE-2025-66002
[1] https://security-tracker.debian.org/tracker/CVE-2025-66003
    https://www.cve.org/CVERecord?id=CVE-2025-66003
[2] https://www.openwall.com/lists/oss-security/2025/12/10/6

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: smb4k
Source-Version: 4.0.5-1
Done: Pino Toscano <[email protected]>

We believe that the bug you reported is fixed in the latest version of
smb4k, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pino Toscano <[email protected]> (supplier of updated smb4k package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 14 Dec 2025 21:43:13 +0100
Source: smb4k
Architecture: source
Version: 4.0.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team <[email protected]>
Changed-By: Pino Toscano <[email protected]>
Closes: 1122381
Changes:
smb4k (4.0.5-1) unstable; urgency=medium
.
* New upstream release:
- fixes CVE-2025-66002 & CVE-2025-66003 (Closes: #1122381)
* Drop Rules-Requires-Root: no, no more needed since Debian trixie.
* Add the iproute2 dependency, needed for "ip".
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---