<div id="geary-body" dir="auto"><div>Hi James,</div><div><br></div><div>The latest package for xenial appears to be 4.3.11+dfsg-0ubuntu0.16.04.13, which means it uses the original upstream 4.3.11 sources *plus* patches from Ubuntu. This is standard practice for Ubuntu release, where you don't get upgraded to new versions of your packages, but you do get security fixes applied to them.</div><div><br></div><div>You can download the Ubuntu packaging source here: <a href="https://launchpad.net/ubuntu/+archive/primary/+files/samba_4.3.11+dfsg-0ubuntu0.16.04.13.debian.tar.xz">https://launchpad.net/ubuntu/+archive/primary/+files/samba_4.3.11+dfsg-0ubuntu0.16.04.13.debian.tar.xz</a></div><div><br></div><div>In that, under the /debian/patches/ directory, you will see the patches that fix CVE-2018-1057.</div></div><div id="geary-signature" dir="auto"><div style="white-space: pre-wrap;">-- Michael Hall mhall119@gmail.com</div></div><div id="geary-quote" dir="auto"><br>On Wed, Mar 21, 2018 at 6:17 AM, James Boland <james.boland@unipart.io> wrote:<br><blockquote type="cite"><div class="plaintext" style="white-space: pre-wrap;">Sorry Nish, I didnÿt realise it was already patched. The newest ubuntu package was reporting Samba version 4.3.11 whereas Samba.org had 4.8.0 released. I wasnÿt aware these were two separate tracks. My bad. Cheers, James -----Original Message----- From: Nish Aravamudan <<a href="mailto:nish.aravamudan@canonical.com">nish.aravamudan@canonical.com</a>> Sent: 20 March 2018 20:32 To: James Boland <<a href="mailto:james.boland@unipart.io">james.boland@unipart.io</a>> Cc: Ubuntu Core developers <<a href="mailto:ubuntu-devel-discuss@lists.ubuntu.com">ubuntu-devel-discuss@lists.ubuntu.com</a>> Subject: Re: Samba CVE-2018-1057 Hi James, On Tue, Mar 20, 2018 at 4:30 AM, James Boland <<a href="mailto:james.boland@unipart.io">james.boland@unipart.io</a>> wrote: <blockquote> Hi there, Are there any plans to upgrade the current Samba package to mitigate again the recent security bug in CVE-2018-1057 ? </blockquote> <a href="https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1057.html">https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1057.html</a> Thanks, Nish <div>-- </div>Ubuntu-devel-discuss mailing list <a href="mailto:Ubuntu-devel-discuss@lists.ubuntu.com">Ubuntu-devel-discuss@lists.ubuntu.com</a> Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss">https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss</a> </div></blockquote></div>