Summary: | <net-fs/samba-{4.18.8,4.19.1}: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Krzysztof Olędzki <ole+gentoo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | ajak, joakim.tjernlund, sam, samba |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=910606 https://bugs.gentoo.org/show_bug.cgi?id=915867 | ||
Whiteboard: | A1 [glsa+] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 915562 | ||
Bug Blocks: |
Description
Krzysztof Olędzki
2023-10-10 17:40:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f9ca8ab1fb4782d6517f9e5b96d4da7ece2196e

commit 1f9ca8ab1fb4782d6517f9e5b96d4da7ece2196e
Author: Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2023-10-10 18:03:18 +0000
Commit: Ben Kohler <bkohler@gentoo.org>
CommitDate: 2023-10-10 18:04:31 +0000

    net-fs/samba: add 4.18.8

    Bug: https://bugs.gentoo.org/915556
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-fs/samba/Manifest            |   1 +
 net-fs/samba/samba-4.18.8.ebuild | 383 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 384 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe87bbb5572ebbd784dc0d7825d745c3ea5fddcf

commit fe87bbb5572ebbd784dc0d7825d745c3ea5fddcf
Author: Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2023-10-10 17:50:29 +0000
Commit: Ben Kohler <bkohler@gentoo.org>
CommitDate: 2023-10-10 18:04:31 +0000

    net-fs/samba: add 4.19.1

    Bug: https://bugs.gentoo.org/915556
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-fs/samba/Manifest            |   1 +
 net-fs/samba/samba-4.19.1.ebuild | 382 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 383 insertions(+)

(In reply to Krzysztof Olędzki from comment #0)
> Once done, can we please also stabilize net-fs/samba-4.18.8 and then remove
> old versions from the tree (samba-4.18.4-r1, samba-4.18.5-r1,
> samba-4.18.6-r1, samba-4.18.7 and samba-4.19.0-r1)
> [...]
> Note that 4.19.1 should not be used in production yet. While it does fix
> the mentioned security bugs, there are still several functionality /
> stability fixes that are planned to be included in 4.19.2 with 2023-10-16
> ETA (a week from now).

Going forward, please link to the upstream advisory as well, but also make separate remarks in an additional comment to make them harder to miss. See also https://bugs.gentoo.org/910606#c7.

Will do, thank you so much Sam!

By "link to the upstream advisory" you mean adding links like "https://www.samba.org/samba/security/CVE-2023-3961.html" to "See Also" or something else?

(In reply to Krzysztof Olędzki from comment #3)
> Will do, thank you so much Sam!
>

No, thank you for keeping on top of all of this!

> By "link to the upstream advisory" you mean adding links like
> "https://www.samba.org/samba/security/CVE-2023-3961.html" to "See Also" or
> something else?

Maybe chuck it in URL? I usually dump them at the top of the first comment though if there's multiple. I think See Also has a bunch of restrictions (it has to recognise the link as a bug tracker).

What is left here? GLSA and removal of the old ebuilds?

(In reply to Krzysztof Olędzki from comment #5)
> What is left here? GLSA and removal of the old ebuilds?

Yes, as indicated by the whiteboard (although in general that isn't always up-to-date).

Ping. Please remove the vulnerable versions.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1ba820011c7aaea8f57f4dc6370ebe39e6ca1227

commit 1ba820011c7aaea8f57f4dc6370ebe39e6ca1227
Author: Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2024-02-09 17:11:53 +0000
Commit: Ben Kohler <bkohler@gentoo.org>
CommitDate: 2024-02-09 17:13:36 +0000

    net-fs/samba: drop versions

    Bug: https://bugs.gentoo.org/915556
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-fs/samba/Manifest               |   9 -
 net-fs/samba/samba-4.18.4-r1.ebuild | 384 ------------------------------------
 net-fs/samba/samba-4.18.5-r1.ebuild | 383 -----------------------------------
 net-fs/samba/samba-4.18.6-r1.ebuild | 383 -----------------------------------
 net-fs/samba/samba-4.18.7.ebuild    | 383 -----------------------------------
 net-fs/samba/samba-4.18.9.ebuild    | 383 -----------------------------------
 net-fs/samba/samba-4.19.0-r1.ebuild | 382 -----------------------------------
 net-fs/samba/samba-4.19.1.ebuild    | 382 -----------------------------------
 net-fs/samba/samba-4.19.2.ebuild    | 382 -----------------------------------
 net-fs/samba/samba-4.19.3.ebuild    | 382 -----------------------------------
 10 files changed, 3453 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9df376ebb50854c82bdbbc1e4f71d408e449fc54

commit 9df376ebb50854c82bdbbc1e4f71d408e449fc54
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-19 06:05:38 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2024-02-19 06:10:22 +0000

    [ GLSA 202402-28 ] Samba: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/891267
    Bug: https://bugs.gentoo.org/910606
    Bug: https://bugs.gentoo.org/915556
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202402-28.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)