tag 858564 pending
thanks
Hello,
Bug #858564 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/pkg-samba/samba.git/commit/?id=a88130d
---
commit a88130d25e6fddd56259044af3fb01057a39c652
Author: Mathieu Parent
Date: Thu Mar 30 22:15:47 2017 +0200
Release 2:4.2.14+dfsg-0+deb8u5
diff --git a/debian/changelog b/debian/changelog
index a7f1de5..57b2ce1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,29 @@
+samba (2:4.2.14+dfsg-0+deb8u5) jessie-security; urgency=high
+
+ * This is a security release in order to fix regressions from CVE-2017-2619
+ * Fix "follow symlink = no" (Closes: #858564)
+- s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496
+ (CVE-2017-2619).
+- s3: smbd: Fix "follow symlink = no" regression part 2.
+- s3: smbd: Fix "follow symlink = no" regression part 2.
+ * Fix shadow_copy2 (Closes: #858648, #858590)
+- vfs_shadow_copy: handle non-existant files and wildcards
+- vfs_shadow_copy2: fix crash in 4.2.x backport
+- vfs_shadow_copy2: add a blackbox test suite
+- s3: libsmb: Correctly align create contexts in a create call.
+- s3: libsmb: Add return args to clistr_is_previous_version_path().
+- s3: libsmb: Add cli_smb2_shadow_copy_data() function that gets shadow
copy
+ info over SMB2.
+- s3: libsmb: Plumb new SMB2 shadow copy call into cli_shadow_copy_data().
+- s3: libsmb: Add the capability to find a @GMT- path in an SMB2 create and
+ transform to a timewarp token.
+- s2-selftest: run shadow_copy2 test both in NT1 and SMB3 modes
+- selftest: add content to files created during shadow_copy2 test
+- selftest: check file readability in shadow_copy2 test
+- selftest: test listing directories inside snapshots
+
+ -- Mathieu Parent Thu, 30 Mar 2017 22:15:40 +0200
+
samba (2:4.2.14+dfsg-0+deb8u4) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.