Quoting sacrificial-spam-addr...@horizon.com (sacrificial-spam-addr...@horizon.com): > > What security fixes? > > > > Upstream didn't publish any security advisory sicne 3.2.5 > > http://news.samba.org/releases/3.2.7/: > > 5 January 2009 > > Samba 3.2.7 Available for Download > > > > This is a security release to address CVE-2009-0022. The original advisory > > is available online. A patch for Samba 3.2.6 is available. This security > > advisory is applicable to releases from Samba 3.2.0 to 3.2.6. Past > > security advisories are available on our security page. > > It's also mentioned on http://samba.org/samba/history/security.html
You mean this (from lenny's samba changelog)?
samba (2:3.2.5-3) unstable; urgency=high
* Security update
* Fix Potential access to "/" in setups with registry shares enabled
This fixes CVE-2009-0022, backported from 3.2.7
I indeed should have written "Upstream didn't publish any security
advisory sicne 3.2.5 *that we haven't addressed*"...sorry for the
imprecision.
--
signature.asc
Description: Digital signature
