---
- branch: MAIN
  date: Sun Oct 4 16:58:38 UTC 2009
  files:
  - new: '1.196'
    old: '1.195'
    path: pkgsrc/net/samba/Makefile
    pathrev: pkgsrc/net/samba/Makefile@1.196
    type: modified
  - new: '1.72'
    old: '1.71'
    path: pkgsrc/net/samba/distinfo
    pathrev: pkgsrc/net/samba/distinfo@1.72
    type: modified
  - new: '1.33'
    old: '1.32'
    path: pkgsrc/net/samba/patches/patch-aa
    pathrev: pkgsrc/net/samba/patches/patch-aa@1.33
    type: modified
  - new: '1.14'
    old: '1.13'
    path: pkgsrc/net/samba/patches/patch-at
    pathrev: pkgsrc/net/samba/patches/patch-at@1.14
    type: modified
  - new: '1.11'
    old: '1.10'
    path: pkgsrc/net/samba/patches/patch-au
    pathrev: pkgsrc/net/samba/patches/patch-au@1.11
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/net/samba/patches/patch-bg
    pathrev: pkgsrc/net/samba/patches/patch-bg@1.3
    type: modified
  - new: '1.6'
    old: '1.5'
    path: pkgsrc/net/samba/patches/patch-bo
    pathrev: pkgsrc/net/samba/patches/patch-bo@1.6
    type: modified
  - new: '1.6'
    old: '1.5'
    path: pkgsrc/net/samba/patches/patch-bw
    pathrev: pkgsrc/net/samba/patches/patch-bw@1.6
    type: modified
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/net/samba/patches/patch-bp
    pathrev: pkgsrc/net/samba/patches/patch-bp@1.5
    type: modified
  - new: '1.9'
    old: '1.8'
    path: pkgsrc/net/samba/patches/patch-bu
    pathrev: pkgsrc/net/samba/patches/patch-bu@1.9
    type: modified
  - new: '1.1'
    old: '0'
    path: pkgsrc/net/samba/patches/patch-ci
    pathrev: pkgsrc/net/samba/patches/patch-ci@1.1
    type: added
  id: 20091004T165838Z.7d0826197d52bcf264412b98b583e69c61939fe7
  log: |
    Update samba package to 3.0.37.

    This is a security release in order to address CVE-2009-2813,
    CVE-2009-2948 and CVE-2009-2906.

    Please note that Samba 3.0 is not maintained any longer. This
    security release is shipped on a voluntary basis.

    o CVE-2009-2813:
      In all versions of Samba later than 3.0.11, connecting to the
      home share of a user will use the root of the filesystem as the
      home directory if this user is misconfigured to have an empty
      home directory in /etc/passwd.

    o CVE-2009-2948:
      If mount.cifs is installed as a setuid program, a user can pass
      it a credential or password path to which he or she does not
      have access and then use the --verbose option to view the first
      line of that file.

    o CVE-2009-2906:
      Specially crafted SMB requests on authenticated SMB connections
      can send smbd into a 100% CPU loop, causing a DoS on the Samba
      server.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/samba'
  unixtime: '1254675518'
  user: taca