CVE-2009-2906 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2906): smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
Maintainers, please bump/provide a fixed ebuild.
CVE-2009-2948 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2948): mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.
All ebuilds are there: samba-3.0.37.ebuild, samba-3.2.15.ebuild, samba-3.3.9.ebuild (plus split ebuilds), samba-3.4.3.ebuild (plus split ebuilds). The only stable version was 3.0, so I suggest stabling 3.0.37.
Arches, please test and mark stable: =net-fs/samba-3.0.37. Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64/x86 stable
arm stable
alpha/ia64/s390/sh/sparc stable
Stable for HPPA.
ppc64 done
ppc stable
Vote: yes.
Vote: YES, together with the rest.
This issue was resolved and addressed in GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml by GLSA coordinator Sean Amoss (ackle).