Accepted samba 2:4.9.5+dfsg-5+deb10u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Nov 2021 10:34:50 +0100
Source: samba
Architecture: source
Version: 2:4.9.5+dfsg-5+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 939419
Changes:
 samba (2:4.9.5+dfsg-5+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Salvatore Bonaccorso ]
   * CVE-2020-25722 Ensure the structural objectclass cannot be changed
   * CVE-2020-25722 dsdb: Restrict the setting of privileged attributes during
     LDAP add/modify
   * s3/auth: use set_current_user_info() in auth3_generate_session_info_pac()
   * selftest: Fix ktest usermap file
   * selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with
     (winbindd => "offline")
   * CVE-2020-25719 CVE-2020-25717: selftest: remove "gensec:require_pac"
     settings
   * CVE-2020-25717: s3:winbindd: make sure we default to r->out.authoritative
     = true
   * CVE-2020-25717: s4:auth/ntlm: make sure auth_check_password() defaults to
     r->out.authoritative = true
   * CVE-2020-25717: s4:torture: start with authoritative = 1
   * CVE-2020-25717: s4:smb_server: start with authoritative = 1
   * CVE-2020-25717: s4:auth_simple: start with authoritative = 1
   * CVE-2020-25717: s3:ntlm_auth: start with authoritative = 1
   * CVE-2020-25717: s3:torture: start with authoritative = 1
   * CVE-2020-25717: s3:rpcclient: start with authoritative = 1
   * CVE-2020-25717: s3:auth: start with authoritative = 1
   * CVE-2020-25717: auth/ntlmssp: start with authoritative = 1
   * CVE-2020-25717: loadparm: Add new parameter "min domain uid"
   * CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() forward the
     low level errors
   * CVE-2020-25717: s3:auth: Check minimum domain uid
   * CVE-2020-25717: s3:auth: we should not try to autocreate the guest account
   * CVE-2020-25717: s3:auth: no longer let check_account() autocreate local
     users
   * CVE-2020-25717: s3:auth: remove fallbacks in smb_getpwnam()
   * CVE-2020-25717: s3:auth: don't let create_local_token depend on
     !winbind_ping()
   * CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or
     member)
   * CVE-2020-25717: s4:auth: remove unused
     auth_generate_session_info_principal()
   * CVE-2020-25717: s3:ntlm_auth: fix memory leaks in
     ntlm_auth_generate_session_info_pac()
   * CVE-2020-25717: s3:ntlm_auth: let ntlm_auth_generate_session_info_pac()
     base the name on the PAC LOGON_INFO only
   * CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() delegate
     everything to make_server_info_wbcAuthUserInfo()
   * CVE-2020-25717: selftest: configure 'ktest' env with winbindd and
     idmap_autorid
   * CVE-2020-25717: s3:auth: let auth3_generate_session_info_pac() reject a
     PAC in standalone mode
   * CVE-2020-25717: s3:auth: simplify get_user_from_kerberos_info() by
     removing the unused logon_info argument
   * CVE-2020-25717: s3:auth: simplify make_session_info_krb5() by removing
     unused arguments
   * lib: Add dom_sid_str_buf
   * CVE-2020-25717: idmap_nss: verify that the name of the sid belongs to the
     configured domain
   * CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named
     based lookup fails
   * waf: install: Remove installation of PIDL and manpages.
 .
   [ Mathieu Parent ]
   * Drop libparse-pidl-perl package (Closes: #939419)
Checksums-Sha1: 
 7c1a30096180625d416a8a43ce76272ccd071c0a 4249 samba_4.9.5+dfsg-5+deb10u2.dsc
 584e991700124fc657268d62ede53f588a0debaf 273680 samba_4.9.5+dfsg-5+deb10u2.debian.tar.xz
Checksums-Sha256: 
 cf81437e962601a0f02d885b159a33adf8a7ef2e1d3c4ccf6eb5d066aef6fa55 4249 samba_4.9.5+dfsg-5+deb10u2.dsc
 1593518732bcdfc203e36121b05510a273a095c95d29d00e24ac5a5f7797bd20 273680 samba_4.9.5+dfsg-5+deb10u2.debian.tar.xz
Files: 
 7cf4d3af28587032986de521f42e5d69 4249 net optional samba_4.9.5+dfsg-5+deb10u2.dsc
 df9857bead4a4f2141783901691eca6d 273680 net optional samba_4.9.5+dfsg-5+deb10u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----