| Summary: | <net-fs/samba-{4.6.16,4.7.9,4.8.4}: multiple vulnerabilities (CVE-2018-{1139,1140,10858,10918,10919}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | marco, samba |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa+ cve] | | |
| Package list: | sys-libs/tevent-0.9.37, sys-libs/talloc-2.1.14, sys-libs/tdb-1.3.16, dev-db/lmdb-0.9.23, sys-libs/ldb-1.3.6, net-fs/samba-4.8.6-r2, dev-util/lttng-ust-2.8.1, dev-libs/userspace-rcu-0.10.1 | | |
| Runtime testing required: | --- | | |
| Bug Depends on: | 664314, 669618 | | |
| Bug Blocks: | | | |

Description
GLSAMaker/CVETool Bot
2018-08-22 21:57:58 UTC
This will need some preparation like bug 664314 but I suggest to switch to 4.8.x branch. Adding proposed package list.

Could you please now start the stabilization process, after 2 months have passed?

In the meantime net-fs/samba-4.8.4 was removed from the tree. Available now are 4.8.5 and 4.8.6.

An automated check of this bug failed - repoman reported dependency errors (169 lines truncated):
> dependency.bad net-fs/samba/samba-4.8.6.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['dev-util/lttng-ust']
> dependency.bad net-fs/samba/samba-4.8.6.ebuild: RDEPEND: alpha(default/linux/alpha/13.0) ['dev-util/lttng-ust']
> dependency.bad net-fs/samba/samba-4.8.6.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop) ['dev-util/lttng-ust']

amd64 stable

Re-adding amd64... please wait until stable-bot sets "+" so you won't miss packages like now.

An automated check of this bug failed - repoman reported dependency errors (169 lines truncated):
> dependency.bad net-fs/samba/samba-4.8.6.ebuild: DEPEND: alpha(default/linux/alpha/13.0) ['dev-util/lttng-ust']
> dependency.bad net-fs/samba/samba-4.8.6.ebuild: RDEPEND: alpha(default/linux/alpha/13.0) ['dev-util/lttng-ust']
> dependency.bad net-fs/samba/samba-4.8.6.ebuild: DEPEND: alpha(default/linux/alpha/13.0/desktop) ['dev-util/lttng-ust']

samba-4.8.6 has

>=sys-libs/ldb-1.3.6[ldap(+)?,python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}]
<sys-libs/ldb-1.4.0[ldap(+)?,python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}]

in its dependencies, hence is not matching ldb-1.5.1

(In reply to Sven Wegener from comment #8)
> samba-4.8.6 has
>
> >=sys-libs/ldb-1.3.6[ldap(+)?,python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}]
> <sys-libs/ldb-1.4.0[ldap(+)?,python?,${PYTHON_USEDEP},${MULTILIB_USEDEP}]
>
> in its dependencies, hence is not matching ldb-1.5.1

Fixed in Package list.

x86 stable

amd64 stable

ppc64 stable

ppc stable

Remaining arches please note, samba package has been stable-revbumped to 4.8.6-r1 to fix a file installation issue.

*** Bug 671572 has been marked as a duplicate of this bug. ***

Is it possible to also stabilize net-fs/samba-4.7.11 for amd64?

ia64 stable

hppa stable

@ maintainer(s): Please cleanup and drop <net-fs/samba-4.8.6-r2!

Added to an existing GLSA.

This issue was resolved and addressed in GLSA 202003-52 at https://security.gentoo.org/glsa/202003-52 by GLSA coordinator Thomas Deutschmann (whissi).