[samba-jp:19466] Re: Patched 3.0.24 tree for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447

TAKAHASHI Motonobu monyo @ monyo.com
2007年 5月 14日 (月) 23:42:22 JST


たかはしもとのぶです。

以下のように、 Samba 3.0.24 に本日公開された脆弱性の修正のみを行った非
公式リリース版が公開されました。

-----
TAKAHASHI, Motonobu (たかはしもとのぶ)         monyo @ monyo.com
                                               http://www.monyo.com/

From: "Gerald (Jerry) Carter" <jerry @ samba.org>
Subject: Patched 3.0.24 tree for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
Date: Mon, 14 May 2007 09:12:51 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks,

As a small means of community service, I've decided to provide
an unofficial patched version of 3.0.24 (tagged as 3.0.24-gc-1)
to address the CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
security advisories.


The bzr branch is hosted at
  http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/

The source tarball is available from
  http://download.samba.org/samba/ftp/people/jerry/3.0.24/

The Fedora Core 6 RPMS have been uploaded to
  http://download.samba.org/samba/ftp/Binary_Packages/Fedora/

This is it *not* an official release from samba.org and therefore
has been signed with my GPG private key (ID D83511F6).  The
security issues have been officially fixed in Samba 3.0.25
upgrade release.  However, if you don't want to make the jump
to 3.0.25 just yet, this 3.0.24 based snapshot might be just
for you.




cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian


=========
ATTENTION
=========

The Samba 3.0.24-gc-X releases are not official samba.org releases.
They are cut from a privately maintained branch which can be found
at http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/
This is done as a service to community to include backported fixes
to the Samba 3.0.24 release in case people do not wish to upgrade.

The 3.0.24-gc-X tree is not an active development tree but rather
a stable release branch similar to the Linux kernel 2.6.xx.yy releases.
My hope is that this will be helpful to some people.

More information about Samba.org official production releases
may be found at http://www.samba.org/.


cheers, jerry
Gerald Carter
<jerry @ samba.org>


Changes in 3.0.24-gc-1:
- -----------------------

* Merged patches for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447
  (More information available at http://www.samba.org/samba/security/)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGSG5jIR7qMdg1EfYRAv6gAJkBEtpnUCe42B+tnhhXrNeFphMQFwCcCok4
d9zV0yubJmUVK4l94WL+FDU=
=axMU
-----END PGP SIGNATURE-----



samba-jp メーリングリストの案内