---
- branch: MAIN
  date: Wed Jul 27 00:52:20 UTC 2011
  files:
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/net/samba35/Makefile
    pathrev: pkgsrc/net/samba35/Makefile@1.8
    type: modified
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/net/samba35/distinfo
    pathrev: pkgsrc/net/samba35/distinfo@1.5
    type: modified
  id: 20110727T005220Z.30ed11cd880192c1e671b99871c2a2d747978603
  log: "Update samba35 pacakge to 3.5.10; security fix for swat.\n\n                   ==============================\n
    \                  Release Notes for Samba 3.5.10\n\t\t\t   July 26, 2011\n                   ==============================\n\nThis
    is a security release in order to address\nCVE-2011-2522 (Cross-Site Request Forgery
    in SWAT) and\nCVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).\n\no
    \ CVE-2011-2522:\n   The Samba Web Administration Tool (SWAT) in Samba versions\n
    \  3.0.x to 3.5.9 are affected by a cross-site request forgery.\n\no  CVE-2011-2694:\n
    \  The Samba Web Administration Tool (SWAT) in Samba versions\n   3.0.x to 3.5.9
    are affected by a cross-site scripting\n   vulnerability.\n\nPlease note that
    SWAT must be enabled in order for these\nvulnerabilities to be exploitable. By
    default, SWAT\nis *not* enabled on a Samba install.\n\nChanges since 3.5.9:\n--------------------\n\no
    \  Kai Blin <kai@samba.org>\n    * BUG 8289: SWAT contains a cross-site scripting
    vulnerability.\n    * BUG 8290: CSRF vulnerability in SWAT.\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/samba35'
  unixtime: '1311727940'
  user: taca