On Fri, 2016-04-15 at 14:52 +1200, Andrew Bartlett wrote: > > I've been thinking over this today, and for 3.6 I think we should > drop > the patch for CVE-2016-2115 entirely. A fix for that is available in > later versions, were it is implemented better. > > Andrew Bartlett
A fixed scratch package with this done is here: https://www.samba.org/~abartlet/3.6.6-security/ I've not tested it, just built it, but confirmation that it addresses this issue would be helpful. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
