Your message dated Sat, 13 Aug 2022 18:17:43 +0000
with message-id <e1omvhf-005vz7...@fasolo.debian.org>
and subject line Bug#1016449: fixed in samba 2:4.13.13+dfsg-1~deb11u5
has caused the Debian Bug report #1016449,
regarding samba: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1016449: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016449
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: samba
Version: 2:4.16.3+dfsg-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for samba.

CVE-2022-2031[0]:
| Samba AD users can bypass certain restrictions associated with
| changing passwords

CVE-2022-32742[1]:
| Server memory information leak via SMB1

CVE-2022-32744[2]:
| Samba AD users can forge password change requests for any user

CVE-2022-32745[3]:
| Samba AD users can crash the server process with an LDAP add or modify
| request

CVE-2022-32746[4]:
| Samba AD users can induce a use-after-free in the server process
| with an LDAP add or modify request

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2031
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2031
[1] https://security-tracker.debian.org/tracker/CVE-2022-32742
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32742
[2] https://security-tracker.debian.org/tracker/CVE-2022-32744
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32744
[3] https://security-tracker.debian.org/tracker/CVE-2022-32745
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32745
[4] https://security-tracker.debian.org/tracker/CVE-2022-32746
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32746

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: samba
Source-Version: 2:4.13.13+dfsg-1~deb11u5
Done: Michael Tokarev <m...@tls.msk.ru>

We believe that the bug you reported is fixed in the latest version of
samba, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1016...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Tokarev <m...@tls.msk.ru> (supplier of updated samba package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 10 Aug 2022 00:19:38 +0300
Source: samba
Architecture: source
Version: 2:4.13.13+dfsg-1~deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Samba Maintainers <pkg-samba-ma...@lists.alioth.debian.org>
Changed-By: Michael Tokarev <m...@tls.msk.ru>
Closes: 1016449
Changes:
 samba (2:4.13.13+dfsg-1~deb11u5) bullseye-security; urgency=medium
 .
   * 3 patches:
     - CVE-2022-32742-bug-15085-4.13.patch
     - kpasswd_bugs_v15_4-13.patch
     - ldb-memory-bug-15096-4.13-v3.patch
     fixing:
     o CVE-2022-2031: Samba AD users can bypass certain restrictions associated
       with changing passwords.
       https://www.samba.org/samba/security/CVE-2022-2031.html
     o CVE-2022-32742: Server memory information leak via SMB1.
       https://www.samba.org/samba/security/CVE-2022-32742.html
     o CVE-2022-32744: Samba AD users can forge password change requests
       for any user.
       https://www.samba.org/samba/security/CVE-2022-32744.html
     o CVE-2022-32745: Samba AD users can crash the server process with an LDAP
       add or modify request.
       https://www.samba.org/samba/security/CVE-2022-32745.html
     o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
       process with an LDAP add or modify request.
       https://www.samba.org/samba/security/CVE-2022-32746.html
    * Closes: #1016449, CVE-2022-2031 CVE-2022-32742, CVE-2022-32744,
      CVE-2022-32745, CVE-2022-32746
    * Build-Depend on libldb-dev >= 2.2.3-2~deb11u2
      (which includes the new symbols in libldb used by this update)
    * d/rules: use dpkg-query instead of pkg-config to find debian package
      version of libldb-dev, since this is what we actually want, not the
      internal version libldb thinks it is at.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
