-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 23 November 2002 05:21, Wichert Akkerman wrote:
> Package        : samba
> Problem type   : remote exploit
> Debian-specific: no
>
> Steve Langasek found an exploitable bug in the password handling
> code in samba: when converting from DOS code-page to little endian
> UCS2 unicode a buffer length was not checked and a buffer could
> be overflowed. There is no known exploit for this, but an upgrade
> is strongly recommended.
>
> This problem has been fixed in version 2.2.3a-12 of the Debian
> samba packages and upstream version 2.2.7.

Hmm, from the version numbers (2.2.3a-6 to 2.2.3a-12) and changelog
entries since the version in stable it looks as if this upgrade does a
little more than just fix the security problem. Whatever happened to
just backporting the security fix?

- --
Olaf Meeuwissen

GnuPG key: 91114EAF/C3E1 2D40 C7CC AEB2 FB15 8BDF 60C2 5B3F 9111 4EAF
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE94gh/YMJbP5ERTq8RAqqKAJ0dSXqwMlWAW8ybI/rypU3wK+yPlwCeOGG4
2KGV9KVjWT1tizDIgsBy8KM=
=Sask
-----END PGP SIGNATURE-----
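
The quoted advisory describes a code-page to UCS2 conversion that did not check the destination buffer length. The following is an added example, not part of the original message and not Samba's code, of such a conversion with the length check in place; the function names and the four-entry CP437 sample table are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sample mapping only: ASCII passes through, four CP437 high bytes are
 * mapped, every other high byte becomes U+FFFD. Not a full code page. */
static uint16_t cp_to_ucs2(unsigned char c)
{
    static const uint16_t high[4] = { 0x00C7, 0x00FC, 0x00E9, 0x00E2 };
    if (c < 0x80) return c;
    if (c < 0x84) return high[c - 0x80];
    return 0xFFFD;
}

/* Convert NUL-terminated src into UCS-2LE in dst (dst_size bytes).
 * Returns bytes written including the 2-byte terminator, or -1 when
 * the result would not fit. Nothing is written on failure. */
long dos_to_ucs2le(unsigned char *dst, size_t dst_size, const char *src)
{
    size_t n, i;
    if (dst == NULL || src == NULL) return -1;
    n = strlen(src);
    if (n > (SIZE_MAX - 2) / 2) return -1;  /* 2*n + 2 would wrap */
    if (2 * n + 2 > dst_size) return -1;    /* destination length check */
    for (i = 0; i < n; i++) {
        uint16_t u = cp_to_ucs2((unsigned char)src[i]);
        dst[2 * i]     = (unsigned char)(u & 0xFF);  /* low byte first */
        dst[2 * i + 1] = (unsigned char)(u >> 8);
    }
    dst[2 * n] = dst[2 * n + 1] = 0;
    return (long)(2 * n + 2);
}

int main(void)
{
    unsigned char out[16];
    /* constructed inputs: one fits, one needs 22 bytes and is refused */
    printf("%ld\n", dos_to_ucs2le(out, sizeof out, "secret"));
    printf("%ld\n", dos_to_ucs2le(out, sizeof out, "tenletters"));
    return 0;
}
```

Each input byte becomes two output bytes, so the required size is computed from the source length before any write happens.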