The branch, master has been updated via 73cdbcd Add CVE-2013-0454 page from 91d4fb8 Update latest stable release.
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 73cdbcdc0605cd76e4f9a3846f68eb3bf65a0aab Author: Lars Müller <l...@samba.org> Date: Wed Mar 27 16:16:30 2013 +0100 Add CVE-2013-0454 page ----------------------------------------------------------------------- Summary of changes: security/CVE-2013-0454.html | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 42 insertions(+), 0 deletions(-) create mode 100644 security/CVE-2013-0454.html Changeset truncated at 500 lines: diff --git a/security/CVE-2013-0454.html b/security/CVE-2013-0454.html new file mode 100644 index 0000000..6137b10 --- /dev/null +++ b/security/CVE-2013-0454.html @@ -0,0 +1,42 @@ +=========================================================== +== Subject: A writable configured share might get read only +== +== CVE ID#: CVE-2013-0454 +== +== Versions: Samba 3.6.0 - 3.6.5 (inclusive) +== +== Summary: A share configuration 'read only = no' might result +== in 'read only = yes' +== +=========================================================== + +=========== +Description +=========== + +Due to a assignment vs equality bug a share reference might get +overwritten. This can lead to 'read only = no' from another share to +leak into a 'read only = yes' share for a subsequent connections. This +is a re-evaluation of an already fixed bug. + +========== +Workaround +========== + +Update to 3.6.6 or apply +http://git.samba.org/?p=samba.git;a=commit;h=15a423bf373a8116a0de7a627eaaea3932541e88 + +================== +Patch Availability +================== + +See above. + +======= +Credits +======= + +The release of this information was driven by Ulf Troppens of IBM +February, 19th 2013. + +The required patch got written by Michael Adam 1st of February 2013. -- Samba Website Repository