--- - branch: MAIN date: Mon Aug 12 02:45:55 UTC 2013 files: - new: '1.237' old: '1.236' path: pkgsrc/net/samba/Makefile pathrev: pkgsrc/net/samba/Makefile@1.237 type: modified - new: '1.92' old: '1.91' path: pkgsrc/net/samba/distinfo pathrev: pkgsrc/net/samba/distinfo@1.92 type: modified - new: '1.15' old: '1.14' path: pkgsrc/net/samba/patches/patch-ac pathrev: pkgsrc/net/samba/patches/patch-ac@1.15 type: modified - new: '1.19' old: '1.18' path: pkgsrc/net/samba/patches/patch-ad pathrev: pkgsrc/net/samba/patches/patch-ad@1.19 type: modified - new: '1.11' old: '1.10' path: pkgsrc/net/samba/patches/patch-ae pathrev: pkgsrc/net/samba/patches/patch-ae@1.11 type: modified - new: '1.11' old: '1.10' path: pkgsrc/net/samba/patches/patch-ba pathrev: pkgsrc/net/samba/patches/patch-ba@1.11 type: modified - new: '1.12' old: '1.11' path: pkgsrc/net/samba/patches/patch-af pathrev: pkgsrc/net/samba/patches/patch-af@1.12 type: modified - new: '1.7' old: '1.6' path: pkgsrc/net/samba/patches/patch-ah pathrev: pkgsrc/net/samba/patches/patch-ah@1.7 type: modified - new: '1.7' old: '1.6' path: pkgsrc/net/samba/patches/patch-ai pathrev: pkgsrc/net/samba/patches/patch-ai@1.7 type: modified - new: '1.7' old: '1.6' path: pkgsrc/net/samba/patches/patch-aj pathrev: pkgsrc/net/samba/patches/patch-aj@1.7 type: modified - new: '1.6' old: '1.5' path: pkgsrc/net/samba/patches/patch-ak pathrev: pkgsrc/net/samba/patches/patch-ak@1.6 type: modified - new: '1.4' old: '1.3' path: pkgsrc/net/samba/patches/patch-an pathrev: pkgsrc/net/samba/patches/patch-an@1.4 type: modified - new: '1.4' old: '1.3' path: pkgsrc/net/samba/patches/patch-ao pathrev: pkgsrc/net/samba/patches/patch-ao@1.4 type: modified - new: '1.4' old: '1.3' path: pkgsrc/net/samba/patches/patch-aq pathrev: pkgsrc/net/samba/patches/patch-aq@1.4 type: modified - new: '1.4' old: '1.3' path: pkgsrc/net/samba/patches/patch-as pathrev: pkgsrc/net/samba/patches/patch-as@1.4 type: modified - new: '1.4' old: '1.3' path: pkgsrc/net/samba/patches/patch-aw pathrev: pkgsrc/net/samba/patches/patch-aw@1.4 type: modified - new: '1.5' old: '1.4' path: pkgsrc/net/samba/patches/patch-av pathrev: pkgsrc/net/samba/patches/patch-av@1.5 type: modified - new: '1.5' old: '1.4' path: pkgsrc/net/samba/patches/patch-bb pathrev: pkgsrc/net/samba/patches/patch-bb@1.5 type: modified id: 20130812T024555Z.cfe0c4d72f9883c34f5e4f40b85f624672ed36ca log: | Update samba to 3.6.17, security release. ============================== Release Notes for Samba 3.6.17 August 05, 2013 ============================== This is a security release in order to address CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause server to loop with DOS). o CVE-2013-4124: All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed. This flaw is not exploitable beyond causing the code to loop allocating memory, which may cause the machine to exceed memory limits. Changes since 3.6.16: --------------------- o Jeremy Allison * BUG 10010: CVE-2013-4124: Missing integer wrap protection in EA list reading can cause server to loop with DOS. module: pkgsrc subject: 'CVS commit: pkgsrc/net/samba' unixtime: '1376275555' user: taca