Hello,

I'll handle sid, stretch and jessie. With the corresponding versions:

+samba (2:4.6.5+dfsg-4) unstable; urgency=high
+samba (2:4.5.8+dfsg-2+deb9u1) stretch-security; urgency=high
+ samba (2:4.2.14+dfsg-0+deb8u7) jessie-security; urgency=high

The timing was not very good for me, but I have some time this afternoon to commit+build+upload.

Regards

Mathieu Parent

2017-07-13 9:45 GMT+02:00 Andrew Bartlett <abart...@samba.org>:
> On Thu, 2017-07-13 at 18:05 +1200, Andrew Bartlett wrote:
>> On Thu, 2017-07-13 at 07:14 +0200, Raphael Hertzog wrote:
>> > Source: samba
>> > Severity: grave
>> > Tags: security patch
>> > Version: 2:4.1.11+dfsg-1
>> >
>> > Hi,
>> >
>> > the following vulnerability was published for samba (due to its embedded
>> > copy of heimdal). I checked the build logs for unstable and apparently it
>> > does use this copy (I don't know the status for older releases).
>> >
>> > CVE-2017-11103[0]: MitM attack, impersonation of the Kerberos client, known
>> > as Orpheus Lyre
>> >
>> > A dedicated website is here:
>> > https://orpheus-lyre.info/
>> >
>> > The samba announce and patch are here:
>> > https://www.samba.org/samba/security/CVE-2017-11103.html
>> > https://download.samba.org/pub/samba/patches/security/samba-4.x.y-CVE-2017-11103.patch
>> >
>> > If you fix the vulnerability please also make sure to include the
>> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>> >
>> > For further information see:
>> >
>> > [0] https://security-tracker.debian.org/tracker/CVE-2017-11103
>> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11103
>> >
>> > Please adjust the affected versions in the BTS as needed.
>>
>> Proposed updates are in jessie and stretch branches at:
>>
>> git://git.samba.org/abartlet/samba-debian.git
>>
>> I've only built them, not tested them. Then again, the upstream
>> patches were not manually tested either (we relied on autobuild), such
>> was the rush...
>>
>> I can upload the built binaries if you want to test them or comment.
>
> Unsigned packages (sorry) are at:
>
> https://seafile.catalyst.net.nz/d/8f9c648216c3452497cb/
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
>
> _______________________________________________
> Pkg-samba-maint mailing list
> pkg-samba-ma...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-samba-maint

--
Mathieu