[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba-technical
Subject:    Re: [SAMBA4] Is it affected by CVE-2008-1105?
From:       Andrew Bartlett <abartlet () samba ! org>
Date:       2008-05-29 12:30:10
Message-ID: 1212064210.17261.48.camel () naomi
[Download RAW message or body]


On Thu, 2008-05-29 at 07:46 +0200, Christian Perrier wrote:
> As Jelmer prepared some Debian packages for samba4 (which I have to
> upload after the heat with samba3 security issues cools down), I feel
> like I have the duty to ask: is Samba4 affected by that security
> issue?
> 
> Even if they're targeted to Debian experimental, I wouldn't like to
> upload vulnerable packages...:)

I would expect not, but have not checked.  It is a totally new codebase
in this area, and has a pretty strict focus on bounds checking (but as
always we may find issues regardless...).

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]