1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted samba 2:4.13.13+dfsg-1~deb11u3 (source) into proposed-updates-

    From Debian FTP Masters@21:1/5 to All on Sun Feb 13 23:40:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Thu, 03 Feb 2022 21:54:02 +0100
    Source: samba
    Architecture: source
    Version: 2:4.13.13+dfsg-1~deb11u3
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org>
    Closes: 1001068 1004693 1004694
    Changes:
    samba (2:4.13.13+dfsg-1~deb11u3) bullseye-security; urgency=high
    .
    * Non-maintainer upload by the Security Team.
    * Add patches for CVE-2022-0336 (Closes: #1004694)
    - CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added
    SPN.
    - CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is
    re-added to an object.
    * Add patches for CVE-2021-44142 (Closes: #1004693)
    - CVE-2021-44142: libadouble: add defines for icon lengths.
    - CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list
    of private Samba xattrs.
    - CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
    - CVE-2021-44142: libadouble: add basic cmocka tests.
    - CVE-2021-44142: libadouble: harden parsing code.
    * Add patches to address "The CVE-2020-25717 username map [script] advice
    has undesired side effects for the local nt token" (Closes: #1001068)
    - CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to
    the configured domain
    - CVE-2020-25717: tests/krb5: Add method to automatically obtain server
    credentials
    - CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make
    room for new accounts
    - CVE-2020-25717: selftest: turn ad_member_no_nss_wb into
    ad_member_idmap_nss
    - CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to
    SIDs
    - CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the
    named based lookup fails
    Checksums-Sha1:
    62595a0c2cd92a646f2ee32ef98a9b7f12737a74 4514 samba_4.13.13+dfsg-1~deb11u3.dsc
    9a5f54933e1409a4c403e4a4d7f122071af9700d 467700 samba_4.13.13+dfsg-1~deb11u3.debian.tar.xz
    Checksums-Sha256:
    0d84245dfa8ac468b5f50910d1942bac515c8d17e08261390f8ce8a422ba9a05 4514 samba_4.13.13+dfsg-1~deb11u3.dsc
    b053b5d46c3f42c6167312a640f0b73972c2e8c9e87405e5559e3fb91fd5fe89 467700 samba_4.13.13+dfsg-1~deb11u3.debian.tar.xz
    Files:
    1241d6789653e4eea6b82fa627468dda 4514 net optional samba_4.13.13+dfsg-1~deb11u3.dsc
    e25800062ba55e437c3e036c6e023a89 467700 net optional samba_4.13.13+dfsg-1~deb11u3.debian.tar.xz

    -----BEGIN PGP SIGNATURE-----

    iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmH8RsRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EhxQQAJv0xn6HV0bmHW4BvocvQ+fkei30Qs3x mnGRMlIJo/3zRjr/813Ia9ZiFSBT/TTvxnvlr+1Fk+zJSRALpyoXtqQ/GXpwOa10 eEX5AK9rwBm5XAVK45OchrrX4yXYcqG8/SRZzcJo/RDJApTBYM2zSS5LOkfX0xE+ m+GqTPbp1PHFDe2BJnQZnt1hhtIVaNvGP/Mf/6OWqjWUlRPGhp9AgjUr+ffPGtx3 0HIZ61GRB0Uxr3mgRQvhzWZJYQ+/XU6hMNS+EBV9NbXIQY+XOOiRLagZlYi4I52a 42RcCi+6gXjPwIrJqSsSZTOafSZQox3sszEohBcH1gN0htFI3KfmzEdZWyIoaX2Y GTRckvx9bG+WgPyVESSS+gBGBwQgx9hg2Ae0an5C8PpcmFECcl7b+meiNwVqF3MR +LuIRvlC2cgv2PUMXfoedsA98UVkLGxSJk9MJ+1Gsldhy6EhdSjQqsLIKkYmf7Yj oFJFJ6np2u7j7HAUEZrAXmuEm+vJW62VuhE5f1ZKyhI0D4u7Sus2pr3+5hdEc8m0 HCcgcgbkuxxan+N+5WM+s3OngZQAWxNEPVtszxu/TpRNcLF9122lcrmiVYWmj5uz f81juB9L5VBCuUMQBO7FBS87XJ4tfqmIfL1gTOiAmAU+lwYXI9Jy43s/XU7hTbtf
    7kiZHZ4gcsk+
    =lSxZ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)