Samba CVE-2018-1057

[Michael Hall]

Hi James,

The latest package for xenial appears to be 
4.3.11+dfsg-0ubuntu0.16.04.13, which means it uses the original 
upstream 4.3.11 sources *plus* patches from Ubuntu. This is standard 
practice for Ubuntu release, where you don't get upgraded to new 
versions of your packages, but you do get security fixes applied to 
them.

You can download the Ubuntu packaging source here: 
https://launchpad.net/ubuntu/+archive/primary/+files/samba_4.3.11+dfsg-0ubuntu0.16.04.13.debian.tar.xz

In that, under the /debian/patches/ directory, you will see the patches 
that fix CVE-2018-1057.
--
Michael Hall
mhall119 at gmail.com

On Wed, Mar 21, 2018 at 6:17 AM, James Boland <james.boland at unipart.io> 
wrote:
> Sorry Nish, I didn’t realise it was already patched. The newest 
> ubuntu package was reporting Samba version 4.3.11 whereas Samba.org 
> had 4.8.0 released. I wasn’t aware these were two separate tracks. 
> My bad.
> 
> Cheers,
> James
> 
> -----Original Message-----
> From: Nish Aravamudan <nish.aravamudan at canonical.com>
> Sent: 20 March 2018 20:32
> To: James Boland <james.boland at unipart.io>
> Cc: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
> Subject: Re: Samba CVE-2018-1057
> 
> Hi James,
> 
> On Tue, Mar 20, 2018 at 4:30 AM, James Boland 
> <james.boland at unipart.io> wrote:
>>  Hi there,
>> 
>> 
>> 
>>  Are there any plans to upgrade the current Samba package to mitigate
>>  again the recent security bug in CVE-2018-1057 ?
> 
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1057.html
> 
> Thanks,
> Nish
> 
> 
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20180321/b1ec00fd/attachment.html>