Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11]) by www.NetBSD.org (Postfix) with ESMTP id 2A3F363BAC3 for ; Wed, 27 Jul 2011 06:37:47 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id F2EF614A1E9; Wed, 27 Jul 2011 06:37:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id B92EF14A1C9 for ; Wed, 27 Jul 2011 06:37:43 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 05CSaCl8Hh-X for ; Wed, 27 Jul 2011 06:37:43 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id E84AF14A1C7 for ; Wed, 27 Jul 2011 06:37:42 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id C4D3E175DD; Wed, 27 Jul 2011 06:37:42 +0000 (UTC) MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Date: Wed, 27 Jul 2011 06:37:42 +0000 From: "Steven Drake" Subject: CVS commit: [pkgsrc-2011Q2] pkgsrc/net/samba35 To: pkgsrc-changes@NetBSD.org Reply-To: sbd@netbsd.org X-Mailer: log_accum Message-Id: <20110727063742.C4D3E175DD@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: sbd Date: Wed Jul 27 06:37:42 UTC 2011 Modified Files: pkgsrc/net/samba35 [pkgsrc-2011Q2]: Makefile distinfo Log Message: Pullup ticket #3478 - requested by taca net/samba35 security update. Revisions pulled up: - net/samba35/Makefile 1.8 - net/samba35/distinfo 1.5 --- Module Name: pkgsrc Committed By: taca Date: Wed Jul 27 00:52:20 UTC 2011 Modified Files: pkgsrc/net/samba35: Makefile distinfo Log Message: Update samba35 pacakge to 3.5.10; security fix for swat. ============================== Release Notes for Samba 3.5.10 July 26, 2011 ============================== This is a security release in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery. o CVE-2011-2694: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site scripting vulnerability. Please note that SWAT must be enabled in order for these vulnerabilities to be exploitable. By default, SWAT is *not* enabled on a Samba install. Changes since 3.5.9: -------------------- o Kai Blin * BUG 8289: SWAT contains a cross-site scripting vulnerability. * BUG 8290: CSRF vulnerability in SWAT. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.7.2.1 pkgsrc/net/samba35/Makefile cvs rdiff -u -r1.4 -r1.4.2.1 pkgsrc/net/samba35/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.