Hi James,
The latest package for xenial appears to be
4.3.11+dfsg-0ubuntu0.16.04.13, which means it uses the original
upstream 4.3.11 sources *plus* patches from Ubuntu. This is standard
practice for Ubuntu release, where you don't get upgraded to new
versions of your packages, but you do get security fixes applied to
them.
You can download the Ubuntu packaging source here:
https://launchpad.net/ubuntu/+archive/primary/+files/samba_4.3.11+dfsg-0ubuntu0.16.04.13.debian.tar.xz
In that, under the /debian/patches/ directory, you will see the patches
that fix CVE-2018-1057.
--
Michael Hall
mhall...@gmail.com
On Wed, Mar 21, 2018 at 6:17 AM, James Boland <james.bol...@unipart.io>
wrote:
Sorry Nish, I didn’t realise it was already patched. The newest
ubuntu package was reporting Samba version 4.3.11 whereas Samba.org
had 4.8.0 released. I wasn’t aware these were two separate tracks.
My bad.
Cheers,
James
-----Original Message-----
From: Nish Aravamudan <nish.aravamu...@canonical.com>
Sent: 20 March 2018 20:32
To: James Boland <james.bol...@unipart.io>
Cc: Ubuntu Core developers <ubuntu-devel-discuss@lists.ubuntu.com>
Subject: Re: Samba CVE-2018-1057
Hi James,
On Tue, Mar 20, 2018 at 4:30 AM, James Boland
<james.bol...@unipart.io> wrote:
Hi there,
Are there any plans to upgrade the current Samba package to mitigate
again the recent security bug in CVE-2018-1057 ?
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1057.html
Thanks,
Nish
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
