Bug 290633 (CVE-2009-2906)

Comment 1 Tobias Heinlein (RETIRED) 2009-10-26 21:07:09 UTC

Maintainers, please bump/provide a fixed ebuild.

Comment 2 Tobias Heinlein (RETIRED) 2009-10-26 21:08:12 UTC

CVE-2009-2948 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2948):
  mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before
  3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root,
  does not properly enforce permissions, which allows local users to
  read part of the credentials file and obtain the password by
  specifying the path to the credentials file and using the --verbose
  or -v option.

Comment 3 Patrick Lauer 2009-11-02 11:13:02 UTC

All ebuilds are there:
samba-3.0.37.ebuild
samba-3.2.15.ebuild
samba-3.3.9.ebuild (plus split ebuilds)
samba-3.4.3.ebuild (plus split ebuilds)

only stable version was 3.0, so I suggest stabling 3.0.37.

Comment 4 Robert Buchholz (RETIRED) 2009-11-04 02:34:49 UTC

Arches, please test and mark stable:
=net-fs/samba-3.0.37
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Comment 5 Markus Meier 2009-11-04 11:16:23 UTC

amd64/x86 stable

Comment 6 Markus Meier 2009-11-04 14:07:36 UTC

arm stable

Comment 7 Raúl Porcel (RETIRED) 2009-11-05 16:10:01 UTC

alpha/ia64/s390/sh/sparc stable

Comment 8 Jeroen Roovers (RETIRED) 2009-11-05 19:57:39 UTC

Stable for HPPA.

Comment 9 Brent Baude (RETIRED) 2009-11-17 16:47:20 UTC

ppc64 done

Comment 10 nixnut (RETIRED) 2009-11-21 20:01:03 UTC

ppc stable

Comment 11 Stefan Behte (RETIRED) 2009-12-18 01:54:04 UTC

Vote: yes.

Comment 12 Alex Legler (RETIRED) 2010-08-12 20:44:13 UTC

Vote: YES, together with the rest.

Comment 13 GLSAMaker/CVETool Bot 2012-06-24 13:04:52 UTC

This issue was resolved and addressed in
 GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml
by GLSA coordinator Sean Amoss (ackle).