--- - branch: pkgsrc-2011Q2 date: Wed Jul 27 06:37:42 UTC 2011 files: - new: 1.7.2.1 old: '1.7' path: pkgsrc/net/samba35/Makefile pathrev: pkgsrc/net/samba35/Makefile@1.7.2.1 type: modified - new: 1.4.2.1 old: '1.4' path: pkgsrc/net/samba35/distinfo pathrev: pkgsrc/net/samba35/distinfo@1.4.2.1 type: modified id: 20110727T063742Z.00844f7a653c01f93d79d5d2f4acd708aedf6c3c log: "Pullup ticket #3478 - requested by taca\nnet/samba35 security update.\n\nRevisions pulled up:\n- net/samba35/Makefile 1.8\n- net/samba35/distinfo 1.5\n\n---\n Module Name:\tpkgsrc\n Committed By:\ttaca\n Date:\t\tWed Jul 27 00:52:20 UTC 2011\n\n \ Modified Files:\n \tpkgsrc/net/samba35: Makefile distinfo\n\n Log Message:\n \ Update samba35 pacakge to 3.5.10; security fix for swat.\n\n ==============================\n \ Release Notes for Samba 3.5.10\n \t\t\t July 26, 2011\n \ ==============================\n\n This is a security release in order to address\n CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and\n CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).\n\n o CVE-2011-2522:\n \ The Samba Web Administration Tool (SWAT) in Samba versions\n 3.0.x to 3.5.9 are affected by a cross-site request forgery.\n\n o CVE-2011-2694:\n \ The Samba Web Administration Tool (SWAT) in Samba versions\n 3.0.x to 3.5.9 are affected by a cross-site scripting\n vulnerability.\n\n Please note that SWAT must be enabled in order for these\n vulnerabilities to be exploitable. By default, SWAT\n is *not* enabled on a Samba install.\n\n Changes since 3.5.9:\n --------------------\n\n o Kai Blin \n * BUG 8289: SWAT contains a cross-site scripting vulnerability.\n * BUG 8290: CSRF vulnerability in SWAT.\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2011Q2] pkgsrc/net/samba35' unixtime: '1311748662' user: sbd