Back to samba PTS page

Accepted samba 2:4.17.10+dfsg-0+deb12u1 (source) into proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted samba 2:4.17.10+dfsg-0+deb12u1 (source) into proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 15 Aug 2023 13:47:08 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: samba_4.17.10+dfsg-0+deb12u1_source.changes
Debian-source: samba
Debian-suite: proposed-updates
Debian-version: 2:4.17.10+dfsg-0+deb12u1
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=D6nrln47DXCN7TBucAgpxZLLkj6I0v+3dYiQ7mtamCQ=; b=RVNCsxWak7tWH9tLohE/ZqEazL bQv2deLYnAnqBXi5YssgS3QMCi/gykbarOw9DuB5BkMOvQcx6w6LFVGPC1QPTSVqcl6xMKyzHfG8A ZD4DXWZGhXS0Y+HbvcYp12ynYSlraOU/b7cPJveH5IWn59OuLfH+f/AtS4C58994iRkvm/CYn4lon VOlfYpfx/EcYc4FRUwy+ylKS+TshCR4mb2e5fAnMCjNk03xhIOmo5gaz8zSmU9g4Uh9Nua83dAKi+ qliz9PssBOWm2tus3aTDiaIhagpFNye9YZQcvKzCHYR78hwVuWEJq+SYtX42RFUI2hKLHmg8FuXmx 5G9VrLYA==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1qVuO4-0091gI-Fs@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Jul 2023 17:55:58 +0300
Source: samba
Architecture: source
Version: 2:4.17.10+dfsg-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
Changed-By: Michael Tokarev <mjt@tls.msk.ru>
Closes: 1041043
Changes:
 samba (2:4.17.10+dfsg-0+deb12u1) bookworm-security; urgency=medium
 .
   * new upstream stable/security release 4.17.10, including:
    o CVE-2022-2127:  When winbind is used for NTLM authentication,
      a maliciously crafted request can trigger an out-of-bounds read
      in winbind and possibly crash it.
      https://www.samba.org/samba/security/CVE-2022-2127.html
    o CVE-2023-3347:  SMB2 packet signing is not enforced if an admin
      configured "server signing = required" or for SMB2 connections to
      Domain Controllers where SMB2 packet signing is mandatory.
      https://www.samba.org/samba/security/CVE-2023-3347.html
    o CVE-2023-34966: An infinite loop bug in Samba's mdssvc RPC service
      for Spotlight can be triggered by an unauthenticated attacker by
      issuing a malformed RPC request.
      https://www.samba.org/samba/security/CVE-2023-34966.html
    o CVE-2023-34967: Missing type validation in Samba's mdssvc RPC service
      for Spotlight can be used by an unauthenticated attacker to trigger
      a process crash in a shared RPC mdssvc worker process.
      https://www.samba.org/samba/security/CVE-2023-34967.html
    o CVE-2023-34968: As part of the Spotlight protocol Samba discloses
      the server-side absolute path of shares and files and directories
      in search results.
      https://www.samba.org/samba/security/CVE-2023-34968.html
    o BUG 15418: Secure channel faulty since Windows 10/11 update 07/2023.
      https://bugzilla.samba.org/show_bug.cgi?id=15418
      (this has been patched in the previous upload; Closes: #1041043)
Checksums-Sha1:
 0c4f92a3408fb816863a239df3c3cdda27089ae9 4454 samba_4.17.10+dfsg-0+deb12u1.dsc
 d02a6567d4cab387d3d3107ba65dbc5bbf3c3cca 18206276 samba_4.17.10+dfsg.orig.tar.xz
 01a5edeabcc2d20e764499693eb84e3cfaf41c64 271772 samba_4.17.10+dfsg-0+deb12u1.debian.tar.xz
 a0ad79e8fead1344ef4fd4fc507b61f4fd17698e 6384 samba_4.17.10+dfsg-0+deb12u1_source.buildinfo
Checksums-Sha256:
 e9490e4a8aee1d17c5e71a46809d89f2a5a0bdd1fe21893d86d28bf3652cb982 4454 samba_4.17.10+dfsg-0+deb12u1.dsc
 79cdf385091b96aa53fac0cbd5946ba0f0f051ed323f71e69990a25019e1fc94 18206276 samba_4.17.10+dfsg.orig.tar.xz
 ebcbac3e7a3045ac06a1d18f22b7f529aa502f377d30685df119aca954ac2f0a 271772 samba_4.17.10+dfsg-0+deb12u1.debian.tar.xz
 b58a38f380a70f5c8803a2725e6470f2253837beba189256d192e0c55e2cf62e 6384 samba_4.17.10+dfsg-0+deb12u1_source.buildinfo
Files:
 5c36bd1df04a72c068f1f6625d3bb6b1 4454 net optional samba_4.17.10+dfsg-0+deb12u1.dsc
 e01fdb78ab4887d2001e1b3d0545a7de 18206276 net optional samba_4.17.10+dfsg.orig.tar.xz
 8c4a830743ff198634f1981914984d8c 271772 net optional samba_4.17.10+dfsg-0+deb12u1.debian.tar.xz
 45be04c34016238c434ccc9ee3f008f7 6384 net optional samba_4.17.10+dfsg-0+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFDBAEBCgAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmS3/ioPHG1qdEB0bHMu
bXNrLnJ1AAoJEHAbT2saaT5ZX84H/jd3fmepwqzUoQZLL//tX6SVvEm7XGdIgnPC
9aFwsIbH/kBFtGe2/tpAFN6UawwWqiXynKsbBe8rlpOgclDKmauUENVsZZVgIHZH
5ZkTguzO4D4dgi9OWqx+mAjdyWopHyVVIjXGvpF+6sI31eVlkeXRfwfYykl4pIK4
fXOVZbIdS83L/1RUzs6PZdzSCfIOmzCizA+F2X8K+/+d9z8EANk0BbNER92OS82C
Dr53Rz6JmwQRzSAiDRRwj/xucGXczDcTurE7pLazOntslfXC+Ty7XdLY9x79uH+t
toTWaRSErpzBezv1h/8+jkPJhfmEfKI20jITuSWt8T+ojSi5QF4=
=hXEQ
-----END PGP SIGNATURE-----