Still confidential, from samba-pkg-sec : Versions: Samba 3.0.x <= 3.0.7 A remote attacker could cause and smbd process to consume abnormal amounts of system resources due to an input validation error when matching filenames containing wildcard characters. A bug in the input validation routines used to match filename strings containing wildcard characters may allow a user to consume more than normal amounts of CPU cycles thus impacting the performance and response of the server. In some circumstances the server can become entirely unresponsive. 3.0.8 will be released around 09:00 CST (GMT-6) Monday, Nov 8. Given the short timeframe it's probably better to bump to 3.0.8 when it's ready rather than to patch it. However we've patches if they are preferred.
Issue is now public, fixed version has been released. Please bump to 3.0.8...
In cvs: samba-3.0.8.ebuild is marked unstable for all archs at now.
thanks Christian arches please test samba-3.0.8 and mark stable if possible current KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" target KEYWORDS="arm alpha amd64 hppa ia64 mips ppc ppc64 s390 sparc x86"
http://us4.samba.org/samba/security/CAN-2004-0930.html http://securitytracker.com/alerts/2004/Nov/1012133.html
stable on ppc
stable on ppc64
sparc stable.
amd64 stable
Adding x86 to the needed stable arches
arm/hppa/ia64/s390 stable uNF
Stable on alpha.
mips stable.
x86 there.. sorry for the delay.. Btw, why are winbind, quotas and libclamav USE flags not in use.local.desc?
GLSA 200411-21