[Pkg-samba-maint] Bug#820399: How will Jessie get the important upstream security fix for Samba (smb/cifs) badlock (details embargoed until April 12, 2016)?
Michael Evans
michael.evans at nor-consult.com
Thu Apr 7 20:22:30 UTC 2016

Package: samba
Version: 2:4.1.17+dfsg-2+deb8u2
Severity: grave
Tags: security,fixed-upstream,wheezy,jessie,sid,experimental

(Severity listed as grave as the scope of the security issue is not yet
public; it may be critical, and a lesser vulnerability level was not
enumerated that reflects a potentially serious security issue.)

The security vulnerability mentioned on samba.org
(https://www.samba.org/samba/latest_news.html ) (links to
http://badlock.org/ ) will only be released for Samba versions in the 4.2
and higher releases; as Debian Stable (Jessie) presently has a 4.1.x release
it will not receive this patch.

The severity and impact of not releasing an updated upstream version is
unknown, and I am quite worried that there isn't a backports version of the
Samba packages to use a version that should (easily) have the security patch
included.