diff options
| author | Karolin Seeger <kseeger@samba.org> | 2011-07-24 21:24:27 +0200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2011-07-24 21:24:27 +0200 |
| commit | 315437d3d5a503b2d17c8a01f0e2c088febb041a (patch) | |
| tree | ea50387689ba071f0a9380a723459b11077c708d | |
| parent | d4ae73b58acc3e32031f23747e9a6990fc2d414e (diff) | |
| download | samba-315437d3d5a503b2d17c8a01f0e2c088febb041a.tar.gz samba-315437d3d5a503b2d17c8a01f0e2c088febb041a.tar.xz samba-315437d3d5a503b2d17c8a01f0e2c088febb041a.zip | |
WHATSNEW: Update release notes.
Karolin
| -rw-r--r-- | WHATSNEW.txt | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b14e254c37f..b18c9020a7f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,20 +1,37 @@ ============================== Release Notes for Samba 3.4.14 - , 2011 + July 26, 2011 ============================== -This is the latest stable release of Samba 3.4. +This is a security release in order to address +CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and +CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). + + +o CVE-2011-2522: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site request forgery. + -Major enhancements in Samba 3.4.14 include: +o CVE-2011-2694: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site scripting + vulnerability. + +Please note that SWAT must be enabled in order for these +vulnerabilities to be exploitable. By default, SWAT +is *not* enabled on a Samba install. -o Changes since 3.4.13 -------------------- -o +o Kai Blin <kai@samba.org> + * BUG 8289: SWAT contains a cross-site scripting vulnerability. + * BUG 8290: CSRF vulnerability in SWAT. + ###################################################################### Reporting bugs & Development Discussion |