Debian Wheezy package for samba4 with fix for CVE-2013-0172

Andrew Bartlett abartlet at
Tue Feb 12 02:39:14 UTC 2013

I was a little shocked to realise that the package in Wheezy hasn't had
the CVE-2013-0172 fix applied.

What I've done is test in a git tree with a backported set of patches,
using the test we designed to check this issue.  I've then bundled these
patches into a debian package, and built it. 

The source and binary packages are at:

I've also installed them and watched the (very nice, thank you)
auto-configuration just work.

I've then run the same test to prove the security issue is fixed, so
what I'm looking for from here is some help getting this into Debian.

If I've done this all correctly, then I'll rev the experimental package
from 4.0.0 to 4.0.3, catching both the security fix and our first
maintenance release.  

Finally, someone will need to port these across to Ubuntu, so I've CC'ed
the ubuntu-motu list in the hope that someone can pick this up, or at
least be aware of the issue. 


Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 
