1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted samba 2:4.13.13+dfsg-1~deb11u5 (source) into proposed-updates-

    From Debian FTP Masters@21:1/5 to All on Sat Aug 13 20:20:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Wed, 10 Aug 2022 00:19:38 +0300
    Source: samba
    Architecture: source
    Version: 2:4.13.13+dfsg-1~deb11u5
    Distribution: bullseye-security
    Urgency: medium
    Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> Changed-By: Michael Tokarev <mjt@tls.msk.ru>
    Closes: 1016449
    Changes:
    samba (2:4.13.13+dfsg-1~deb11u5) bullseye-security; urgency=medium
    .
    * 3 patches:
    - CVE-2022-32742-bug-15085-4.13.patch
    - kpasswd_bugs_v15_4-13.patch
    - ldb-memory-bug-15096-4.13-v3.patch
    fixing:
    o CVE-2022-2031: Samba AD users can bypass certain restrictions associated
    with changing passwords.
    https://www.samba.org/samba/security/CVE-2022-2031.html
    o CVE-2022-32742: Server memory information leak via SMB1.
    https://www.samba.org/samba/security/CVE-2022-32742.html
    o CVE-2022-32744: Samba AD users can forge password change requests
    for any user.
    https://www.samba.org/samba/security/CVE-2022-32744.html
    o CVE-2022-32745: Samba AD users can crash the server process with an LDAP
    add or modify request.
    https://www.samba.org/samba/security/CVE-2022-32745.html
    o CVE-2022-32746: Samba AD users can induce a use-after-free in the server
    process with an LDAP add or modify request.
    https://www.samba.org/samba/security/CVE-2022-32746.html
    * Closes: #1016449, CVE-2022-2031 CVE-2022-32742, CVE-2022-32744,
    CVE-2022-32745, CVE-2022-32746
    * Build-Depend on libldb-dev >= 2.2.3-2~deb11u2
    (which includes the new symbols in libldb used by this update)
    * d/rules: use dpkg-query instead of pkg-config to find debian package
    version of libldb-dev, since this is what we actually want, not the
    internal version libldb thinks it is at.
    Checksums-Sha1:
    21686a856d8b933274619f30540192301b137db0 4044 samba_4.13.13+dfsg-1~deb11u5.dsc
    eb322235696de71ccf6d847d21d4277e51ac77dd 11787668 samba_4.13.13+dfsg.orig.tar.xz
    6b466da7331b0397dc81c39acbb4ce4bf9bccc7c 532064 samba_4.13.13+dfsg-1~deb11u5.debian.tar.xz
    3b1f840fa2126430dbf0ad514e5a6fd9be856495 9092 samba_4.13.13+dfsg-1~deb11u5_source.buildinfo
    Checksums-Sha256:
    e422c24ea57573a846f3740820adf22bfd742273b2bd936fb800a86b817b3cda 4044 samba_4.13.13+dfsg-1~deb11u5.dsc
    c4747c211a2050e583d706cf380d48f5d9c1021536a9229fd6ba69e461545c46 11787668 samba_4.13.13+dfsg.orig.tar.xz
    0e8474a1c3a39a4890dddb90d8b704ad4c72db9440b2a4c1f15ae3c25e28963b 532064 samba_4.13.13+dfsg-1~deb11u5.debian.tar.xz
    7ca84f46d0585dda4e9d62bfa604c50b862fa75f821ddb1ce9fd150c1e620249 9092 samba_4.13.13+dfsg-1~deb11u5_source.buildinfo
    Files:
    098a2f0c678ba89cdc322ba522f98570 4044 net optional samba_4.13.13+dfsg-1~deb11u5.dsc
    c272fc38655e965733ba1a9e3aa52019 11787668 net optional samba_4.13.13+dfsg.orig.tar.xz
    0746e1d12b5a0cc8814bd1036c559702 532064 net optional samba_4.13.13+dfsg-1~deb11u5.debian.tar.xz
    9e7cd245b79a270c2280db10d8c06501 9092 net optional samba_4.13.13+dfsg-1~deb11u5_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQFDBAEBCAAtFiEEe3O61ovnosKJMUsicBtPaxppPlkFAmLyz/EPHG1qdEB0bHMu bXNrLnJ1AAoJEHAbT2saaT5ZQkUH/iRHQE+cK+YjhpD1gvkSRsIWZdo9/QiOKXc7 JhCAK68FKa6W5JPJYlRsq4lmnNUNjmHM5mS1mvqOtvN5ScCjo8pcKT4OJdktJC7h 30Kuv0hHphWxAzvMcs/VDBpJwole3yKhunRLxxSgaGl3DDEYmOsC+mSDa5DWNE5u QHuOmU/5p9golv+9/x3rk3UM7v0MDNuTSYZQeYW6TWzrJWqnH6tSR4I0ON+Sbuhy 6XMC5+m4tkNDvL+V1slicNnCL30DdDHkLnJW6KalXPSiSOw6CVk+ct9l0q1UoRgI tHBkNJT8al54P1GhMXtxdILNu8zIWyHkxwbIHOIjElhNe2SUm+g=
    =gSdW
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)