W. D.
2007-Dec-12 06:38 UTC
[Samba] Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...
...Vulnerability - CVE-2007-6015" http://www.freshports.org/net/samba3/ ===========================================================================samba3 3.0.26a_2,1 <http://www.freshports.org/net/>net<http://www.freshports.org/faq.php#watchlistcount> <http://www.freshports.org/search.php?stype=depends_all&method=match&query=net/samba3>=220 FORBIDDEN: "Remote Code Execution Vulnerability - CVE-2007-6015" IGNORE: is forbidden: "Remote Code Execution Vulnerability - CVE-2007-6015" =========================================================================== ===========================================================================11 Dec 2007 22:39:55 3.0.26a_2,1 <mailto:remko@FreeBSD.org>remko<http://www.freshports.org/search.php?stype=committer&method=exact&query=remko> Make Samba forbidden till Timur had the time to upgrade this, because samba appears to be vulnerable to remote code execution which could harm our users. This will be removed after we have a safe version to which we can upgrade. Hat: secteam Discussed with and requested by: timur =========================================================================== Dang! When will this be fixed? Start Here to Find It Fast!? -> http://www.US-Webmasters.com/best-start-page/ $8.77 Domain Names -> http://domains.us-webmasters.com/
W. D.
2007-Dec-12 09:04 UTC
[Samba] Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...
At 02:01 12/12/2007, Remko Lodder wrote:>W. D. wrote: >> ...Vulnerability - CVE-2007-6015" >> >> http://www.freshports.org/net/samba3/ >> >> ===========================================================================>> *samba3 3.0.26a_2,1* net <http://www.freshports.org/net/> >> <http://www.freshports.org/faq.php#watchlistcount> =220 >> ><http://www.freshports.org/search.php?stype=depends_all&method=match&q>uery=net/samba3> >> FORBIDDEN: "Remote Code Execution Vulnerability - CVE-2007-6015" >> IGNORE: is forbidden: "Remote Code Execution Vulnerability - CVE-2007-6015" >> ===========================================================================>> >> ===========================================================================>> 11 Dec 2007 22:39:55 >> *3.0.26a_2,1* remko <mailto:remko@FreeBSD.org> >> ><http://www.freshports.org/search.php?stype=committer&method=exact&query=remko> >> >> >> Make Samba forbidden till Timur had the time to upgrade this, >> because >> samba appears to be vulnerable to remote code execution which could harm >> our users. >> >> This will be removed after we have a safe version to which we can >> upgrade. >> >> Hat: >> secteam >> Discussed with and requested >> by: timur >> >> ===========================================================================>> >> Dang! When will this be fixed? >> >> > >Soon, there are patches available, we just need to make sure that it >doesn't bite anything while we are in a ports-slush, hence the FORBIDDEN >part. > >Best regards, >RemkoHours? Days? Weeks? Start Here to Find It Fast!? -> http://www.US-Webmasters.com/best-start-page/ $8.77 Domain Names -> http://domains.us-webmasters.com/
W. D.
2007-Dec-14 16:37 UTC
[Samba] Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...
At 09:50 12/12/2007, Remko Lodder wrote:>W. D. wrote: >> At 02:01 12/12/2007, Remko Lodder wrote: >>> W. D. wrote: >>>> ...Vulnerability - CVE-2007-6015" >>>> >>>> http://www.freshports.org/net/samba3/ >>>> >>>> >===========================================================================>>>> *samba3 3.0.26a_2,1* net <http://www.freshports.org/net/> >>>> <http://www.freshports.org/faq.php#watchlistcount> =220 >>>> >>> ><http://www.freshports.org/search.php?stype=depends_all&method=match&q>>uery=net/samba3> >>>> FORBIDDEN: "Remote Code Execution Vulnerability - CVE-2007-6015" >>>> IGNORE: is forbidden: "Remote Code Execution Vulnerability - CVE-2007-6015" >>>> >===========================================================================>>>> >>>> >===========================================================================>>>> 11 Dec 2007 22:39:55 >>>> *3.0.26a_2,1* remko <mailto:remko@FreeBSD.org> >>>> >>> ><http://www.freshports.org/search.php?stype=committer&method=exact&query=remko> >>>> >>>> Make Samba forbidden till Timur had the time to upgrade this, >>>> because >>>> samba appears to be vulnerable to remote code execution which could harm >>>> our users. >>>> >>>> This will be removed after we have a safe version to which we can >>>> upgrade. >>>> >>>> Hat: >>>> secteam >>>> Discussed with and requested >>>> by: timur >>>> >>>> >===========================================================================>>>> >>>> Dang! When will this be fixed? >>>> >>>> >>> Soon, there are patches available, we just need to make sure that it >>> doesn't bite anything while we are in a ports-slush, hence the FORBIDDEN >>> part. >>> >>> Best regards, >>> Remko >> >> Hours? Days? Weeks? >> > >The freebsd port will be up to date as soon as possible, there are fixes >available already on the Samba websites.. > >Best regards, >remkoWell, it's been 2 days now. When will the code be updated in the FreeBSD ports? The version on the Samba website is 3.0.28. (http://www.Samba.org/) Why is the FreeBSD ports version stuck at 3.0.26a_2,1? If there are fixes available already on the Samba websites, why can't they be integrated into the ports? I neet to get a fileserver going right away. I would like to use Samba. Perhaps I should just load Windows on it? It seems to me that leaving a port broken like this is very "unprofessional". I would expect more from the folks maintaing FreeBSD. When is it going to be fixed? Does "soon" mean this century? This year? When? Start Here to Find It Fast!? -> http://www.US-Webmasters.com/best-start-page/ $8.77 Domain Names -> http://domains.us-webmasters.com/