List Archive: gentoo-commits
To: gentoo-commits@g.o
From: "Pierre-Yves Rofes (py)" <py@g.o>
Subject: gentoo commit in xml/htdocs/security/en/glsa: glsa-200711-29.xml
Date: Wed, 05 Dec 2007 23:17:05 +0000
py          07/12/05 23:17:05

  Modified:             glsa-200711-29.xml
  Version 3.0.27 fixes 2nd vulnerability.

Revision  Changes    Path
1.2                  xml/htdocs/security/en/glsa/glsa-200711-29.xml


Index: glsa-200711-29.xml
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-200711-29.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- glsa-200711-29.xml	20 Nov 2007 21:15:24 -0000	1.1
+++ glsa-200711-29.xml	5 Dec 2007 23:17:04 -0000	1.2
@@ -7,17 +7,17 @@
   <title>Samba: Execution of arbitrary code</title>
     Samba contains two buffer overflow vulnerabilities potentially resulting in
-    the execution of arbitrary code, one of which is currently unfixed.
+    the execution of arbitrary code.
   <product type="ebuild">samba</product>
   <announced>November 20, 2007</announced>
-  <revised>November 20, 2007: 01</revised>
+  <revised>December 05, 2007: 03</revised>
     <package name="net-fs/samba" auto="yes" arch="*">
-      <unaffected range="ge">3.0.26a-r2</unaffected>
-      <vulnerable range="lt">3.0.26a-r2</vulnerable>
+      <unaffected range="ge">3.0.27a</unaffected>
+      <vulnerable range="lt">3.0.27a</vulnerable>
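Review bot: The revision counter in the `<revised>` line jumps from 01 to 03 with no 02 visible in this diff (r1.1 to r1.2); if no revision 02 of the advisory was published, this should read 02 so that readers tracking the GLSA do not look for an update they missed. Separately, the commit log says "Version 3.0.27 fixes 2nd vulnerability" while the ranges here are set to 3.0.27a. The ranges look deliberate given that the removed resolution text describes the 3.0.27 ebuild as masked for a regression, but the log message should name the same version as the `<unaffected>` and `<vulnerable>` lines.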
@@ -37,7 +37,7 @@
   <impact type="high">
-    To exploit the first vulnerability a remote unauthenticated attacker
+    To exploit the first vulnerability, a remote unauthenticated attacker
     could send specially crafted WINS "Name Registration" requests followed
     by a WINS "Name Query" request. This might lead to execution of
     arbitrary code with elevated privileges. Note that this vulnerability
@@ -57,20 +57,14 @@
-    The Samba 3.0.27 ebuild that resolves both vulnerabilities is currently
-    masked due to a regression in the patch for the second vulnerability.
-    </p>
-    <p>
-    Since no working patch exists yet, all Samba users should upgrade to
-    3.0.26a-r2, which contains a fix for the first vulnerability
-    (CVE-2007-5398):
+    All Samba users should upgrade to the latest version:
     # emerge --sync
-    # emerge --ask --oneshot --verbose &quot;&gt;=net-fs/samba-3.0.26a-r2&quot;</code>
+    # emerge --ask --oneshot --verbose &quot;&gt;=net-fs/samba-3.0.27a&quot;</code>
-    An update to this temporary GLSA will be sent when the second
-    vulnerability will be fixed.
+    The first vulnerability (CVE-2007-5398) was already fixed in Samba
+    3.0.26a-r2.
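Review bot: The new closing sentence says the first vulnerability (CVE-2007-5398) was already fixed in 3.0.26a-r2, but it never states that 3.0.26a-r2 is still affected by the second vulnerability. Revision 01 told users to upgrade to exactly that version, and the same commit now marks everything below 3.0.27a as vulnerable, so anyone who followed the earlier resolution needs to be told explicitly to upgrade again. Suggest adding a clause such as "but 3.0.26a-r2 remains affected by the second vulnerability". The removed text about the 3.0.27 regression is also dropped without a replacement; a short note that 3.0.27a is the first version carrying a working fix for the second issue would explain why the atom is `>=net-fs/samba-3.0.27a` rather than 3.0.27.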

gentoo-commits@g.o mailing list


Updated Jun 23, 2012

Summary: Archive of the gentoo-commits mailing list.
