• Accepted samba 2:4.13.13+dfsg-1~deb11u2 (source) into proposed-updates-

    From Debian FTP Masters@21:1/5 to All on Sun Nov 21 18:50:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Thu, 04 Nov 2021 23:20:37 +0100
    Source: samba
    Architecture: source
    Version: 2:4.13.13+dfsg-1~deb11u2
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> Changed-By: Mathieu Parent <sathieu@debian.org>
    Changes:
    samba (2:4.13.13+dfsg-1~deb11u2) bullseye-security; urgency=high
    .
    * This is a security release in order to address the following defects:
    - CVE-2016-2124: don't fallback to non spnego authentication if we require
    kerberos
    - MS CVE-2020-17049 in Samba: 'Bronze bit' S4U2Proxy Constrained Delegation
    bypass
    - CVE-2020-25717: A user on the domain can become root on domain members
    - CVE-2020-25718: An RODC can issue (forge) administrator tickets to other
    servers
    + Bump build-depends ldb >= 2.2.3
    - CVE-2020-25719: AD DC Username based races when no PAC is given
    - CVE-2020-25721: Kerberos acceptors need easy access to stable AD
    identifiers (eg objectSid)
    - CVE-2020-25722: AD DC UPN vs samAccountName not checked (top-level bug
    for AD DC validation issues)
    - CVE-2021-3738: crash in dsdb stack
    - CVE-2021-23192: dcerpc requests don't check all fragments against the
    first auth_state
    + Update d/samba-libs.install for libdcerpc-pkt-auth.so.0 Checksums-Sha1:
    b34690a62a3af51f7fb0cbb72608734e3ac76512 4388 samba_4.13.13+dfsg-1~deb11u2.dsc
    4b8f66a3c70db8c2a93728a74198e4acd32879e6 458604 samba_4.13.13+dfsg-1~deb11u2.debian.tar.xz
    cc3e20067933983e8eb9a1283177d5d416cc1c2c 7462 samba_4.13.13+dfsg-1~deb11u2_source.buildinfo
    Checksums-Sha256:
    da40f469fbb124ef50605297cef58ff517b86d6ba0ed4f176da670567cdfa4c7 4388 samba_4.13.13+dfsg-1~deb11u2.dsc
    3ab874f251578abbc8c5ea0bddeabb29852e2a6bd90f604cf4e4f87f4832bac1 458604 samba_4.13.13+dfsg-1~deb11u2.debian.tar.xz
    21c6f0dadb1811c0a18e80bf5251a8b9632fcd8cf2118405600c56133bae6f8f 7462 samba_4.13.13+dfsg-1~deb11u2_source.buildinfo
    Files:
    8316d0d6ebdf632bcbcc88f49798420b 4388 net optional samba_4.13.13+dfsg-1~deb11u2.dsc
    a1cd480db8ff781df919a597889744ad 458604 net optional samba_4.13.13+dfsg-1~deb11u2.debian.tar.xz
    4eece008a37300c6fc5c3dc1d09dc624 7462 net optional samba_4.13.13+dfsg-1~deb11u2_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQJHBAEBCgAxFiEEqqWLhC6ILPQU4Lqxp8cqHHgrjD8FAmGE2xsTHHNhdGhpZXVA ZGViaWFuLm9yZwAKCRCnxyoceCuMPyVTEAC50FrL2h3FrXgq8yZOjBF4eFLXknmb 83GdWq7/oVXWa2ukCyKDNkgk9q88mV1TS1hI4OMe1KxysYwmT/SKWKsyuNc+AaN5 +TWkx9mXhFAH+B+TNJHk/cAQoB/AH0MBOWTl3O+gUzchyjVoErKWZ/n4iu5+rjQz YqjJLkdRZwHyixyIVZRL9aTlRdzQqvVMw8NA7R0N6JeZ3Cd8mtYppLn82DcZsT7s X3A2BYXbfRIOwBoYNBfWcRUIIp3FJkoSRE4j9FjnNv9UyVJD76D8uNP3MmU+Pyce 0YVjdqEfSq5Kvq/yI7sEQb3sII4r3LbTqO9lQLhk3lwbloFrl5CvrRcDwrOxUnoe jojn8IkYPiCGI9w8UEL64dnh3axr9OjCrlXc09KpheNLuO2AjrGZK8Lb1KJxgcmk +vOjKK6d1K1PE0REWt/soRWo2UWO6+RMV+9SixDjxCfwpYtVkwmFLJDwYmYC0++8 BtQwnDR3e+8cG1zNXZdoXQqAyTV+0pmkQomVzSj9g0XSe/OLeMIY0DYAAFqeWxLV JPViX4VPVdmAD08zss0Li/2krS+EUPdxJORs5wHhXA8vXrlw+dypwr054KeuexoG pMNPeJYWpPLnzzGGB6+S4blamccG/cZFiMWkY+prwd4BQmSKd+NYwSc1VcU0fbLS pfaNU5xo1zn1sg==
    =2sng
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)