Hello list! Just wanted to confirm whether this CVE affects the 3.0.4 version of Samba.. The samba.org website claims "This security advisory is applicable to all Samba 3.0.x releases to date" Yet the actual CVE [1] has "Versions: Samba 3.0.0 - 3.0.29 (inclusive)" The CVE suggests that the version 3.0.4 would not be affected, my confused! Thanks in advance, Derek [1] http://us1.samba.org/samba/security/CVE-2008-1105.html
On Thu, Jun 5, 2008 at 7:27 PM, Derek <lists@reefer.co.nz> wrote:> Hello list! > > Just wanted to confirm whether this CVE affects the 3.0.4 version of Samba.. > > The samba.org website claims "This security advisory is applicable to all > Samba 3.0.x releases to date" > > Yet the actual CVE [1] has "Versions: Samba 3.0.0 - 3.0.29 (inclusive)" > > The CVE suggests that the version 3.0.4 would not be affected, my confused! >Yes this really old version of samba is affected but this CVE and quite a few others... John
On Fri, Jun 06, 2008 at 11:27:25AM +1200, Derek wrote:> Just wanted to confirm whether this CVE affects the 3.0.4 version of > Samba.. > > The samba.org website claims "This security advisory is applicable to > all Samba 3.0.x releases to date" > > Yet the actual CVE [1] has "Versions: Samba 3.0.0 - 3.0.29 (inclusive)" > > The CVE suggests that the version 3.0.4 would not be affected, my confused!I'm not a native english speaker, but I wonder from what term in the CVE you read that 3.0.4 is not affected.... Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20080606/5a3ec9f6/attachment.bin