In message <[EMAIL PROTECTED]>, Steve Kemp writes:
>Package: samba
>Vulnerability : several
>Problem type : remote
>Debian-specific: no
>CVE Id(s) : CVE-2007-4572, CVE-2007-5398
>[...]
>For the stable distribution (etch), these problems have been fixed in
>version 3.0.24-6etch7.
There doesn't appear to be a i386 package for Samba version
3.0.24-6etch7 on any of the security.debian.org servers. Only a
3.0.24-6etch6 package. AMD64 and most other architectures seem to have
3.0.24-6etch7 and not 3.0.24-6etch6 packages.
According to the change log this means that one regression is missing
in the i386 packages (6etch6):
-=- cut here -=-
samba (3.0.24-6etch7) stable-security; urgency=low
* Fix for one final regression related to the fix for CVE-2007-4572,
pulled from upstream. Thanks to Santiago Garcia Mantinan
<[EMAIL PROTECTED]> for catching this.
-- Steve Langasek <[EMAIL PROTECTED]> Sat, 24 Nov 2007 02:17:06 -0800
-=- cut here -=-
For example:
-=- cut here -=-
ftp> cd debian-security/pool/updates/main/s/samba/
250 Directory successfully changed.
ftp> ls samba-common*etch*i386*
227 Entering Passive Mode (128,31,0,36,95,228)
150 Here comes the directory listing.
-rw-rw-r--1 1176 1176 2381022 May 30 10:30
samba-common_3.0.24-6etch4_i386.deb
-rw-rw-r--1 1176 1176 2381196 Nov 15 22:35
samba-common_3.0.24-6etch5_i386.deb
-rw-rw-r--1 1176 1176 2381264 Nov 23 13:25
samba-common_3.0.24-6etch6_i386.deb
226 Directory send OK.
ftp> ls samba-common*etch*amd64*
227 Entering Passive Mode (128,31,0,36,172,122)
150 Here comes the directory listing.
-rw-rw-r--1 1176 1176 2596688 Jun 01 07:00
samba-common_3.0.24-6etch4_amd64.deb
-rw-rw-r--1 1176 1176 2595582 Nov 22 20:45
samba-common_3.0.24-6etch5_amd64.deb
-rw-rw-r--1 1176 1176 2597004 Nov 24 11:05
samba-common_3.0.24-6etch7_amd64.deb
226 Directory send OK.
ftp>
-=- cut here -=-
(But the same thing seems to be true for the entire samba suite.)
Will new i386 packages be built? Or does that regression not affect i386?
Ewen
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]