diff options
| author | Karolin Seeger <kseeger@samba.org> | 2010-09-09 15:41:40 +0200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2010-09-09 15:41:40 +0200 |
| commit | da9325d02038b5e65873593dece510fa09851772 (patch) | |
| tree | 1adc5580e9dbdbe4afdaf7edb9c9072195ad5391 | |
| parent | 293a8676ee72a635096ff1a1b167ecf6fa525276 (diff) | |
| download | samba-da9325d02038b5e65873593dece510fa09851772.tar.gz samba-da9325d02038b5e65873593dece510fa09851772.tar.xz samba-da9325d02038b5e65873593dece510fa09851772.zip | |
WHATSNEW: Prepare 3.3.14 release notes.
Karolin
| -rw-r--r-- | WHATSNEW.txt | 59 |
1 files changed, 57 insertions, 2 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c63fd1f7e04..70989d1db45 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,59 @@ ============================== + Release Notes for Samba 3.3.14 + September 16, 2010 + ============================== + + +This is a security release in order to address CVE-2010-3069. + + +o CVE-2010-3069: + All current released versions of Samba are vulnerable to + a buffer overrun vulnerability. The sid_parse() function + (and related dom_sid_parse() function in the source4 code) + do not correctly check their input lengths when reading a + binary representation of a Windows SID (Security ID). This + allows a malicious client to send a sid that can overflow + the stack variable that is being used to store the SID in the + Samba smbd server. + + +Changes since 3.3.13 +-------------------- + + +o Jeremy Allison <jra@samba.org> + * BUG 7669: Fix for CVE-2010-3069. + + +o Andrew Bartlett <abartlet@samba.org> + * BUG 7669: Fix for CVE-2010-3069. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.3 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + + ============================== Release Notes for Samba 3.3.13 June 16, 2010 ============================== @@ -39,8 +94,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================== Release Notes for Samba 3.3.12 |