Stefan G. Weichinger
2023-Nov-28 08:26 UTC
[Samba] [Announce] Samba 4.19.3 Available for Download
Am 27.11.23 um 17:50 schrieb Rowland Penny via samba:> If you can follow the trail: > > https://www.samba.org/samba/security/CVE-2018-14628.html > > Then: > > https://bugzilla.samba.org/show_bug.cgi?id=13595 > > You would find this at comment 20 from Jule Anger: > > Pushed to autobuild-v4-{19,18}-test. > I will add the section to the release notes and I will include the bug > for the next 4.17 security release. > > 4.18.8 is due on WednesdayYou mean 4.18.9? I already run 4.18.8. So that manual fix is to be done AFTER 4.18.9? Or could I do it already? I can wait for 4.18.9, sure, just asking. Thanks ...
Rowland Penny
2023-Nov-28 08:49 UTC
[Samba] [Announce] Samba 4.19.3 Available for Download
On Tue, 28 Nov 2023 09:26:56 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 27.11.23 um 17:50 schrieb Rowland Penny via samba: > > > If you can follow the trail: > > > > https://www.samba.org/samba/security/CVE-2018-14628.html > > > > Then: > > > > https://bugzilla.samba.org/show_bug.cgi?id=13595 > > > > You would find this at comment 20 from Jule Anger: > > > > Pushed to autobuild-v4-{19,18}-test. > > I will add the section to the release notes and I will include the > > bug for the next 4.17 security release. > > > > 4.18.8 is due on Wednesday > > You mean 4.18.9? I already run 4.18.8. > > So that manual fix is to be done AFTER 4.18.9? Or could I do it > already? > > I can wait for 4.18.9, sure, just asking. Thanks ... > >Yes, you are correct, the next in the 4.18 line is 4.18.9 , that is what you get when you receive an email that tells you this: Samba 4.18.8 is scheduled for Wednesday, November 29 2023. AND you believe it without checking :-( As far as I am aware (and what do I know) you need 4.19.3 to have the code to fix the CVE problem, the same code will be in the next 4.18 version and in any future 4.17 release (date of latter unknown at this point, may be never if no further security problems come to light). Lets be honest, the problem has always been there and doesn't really tell you anything about anything, it just didn't do what Microsoft does. I will not be worrying about this and will fix this 'problem' when I can. Rowland