From 955b273182401180f653deaa09a1277971459f7f Mon Sep 17 00:00:00 2001 From: "Timur I. Bakeyev" Date: Fri, 26 Jun 2009 00:35:25 +0000 Subject: Security update of net/samba32 to the 3.2.13 version. o CVE-2009-1886: In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server. o CVE-2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". Security: CVE-2009-1886, CVE-2009-1888 --- net/samba32/files/patch-configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'net/samba32/files/patch-configure.in') diff --git a/net/samba32/files/patch-configure.in b/net/samba32/files/patch-configure.in index b04851d13ebd..7a2a92130820 100644 --- a/net/samba32/files/patch-configure.in +++ b/net/samba32/files/patch-configure.in @@ -1,5 +1,5 @@ ---- configure.in.orig 2009-02-03 16:10:07.000000000 +0000 -+++ configure.in 2009-02-08 16:14:09.000000000 +0000 +--- ./configure.in.orig 2009-06-22 21:05:38.000000000 +0000 ++++ ./configure.in 2009-06-25 23:59:12.000000000 +0000 @@ -184,16 +184,6 @@ fi fi -- cgit v1.2.3