kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/samba33
History
taca 5525ba13ce Update samba33 package to 3.3.16; security fix for swat. 
==============================
                   Release Notes for Samba 3.3.16
		           July 26, 2011
                   ==============================


This is a security release in order to address
CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).


o  CVE-2011-2522:
   The Samba Web Administration Tool (SWAT) in Samba versions
   3.0.x to 3.5.9 are affected by a cross-site request forgery.


o  CVE-2011-2694:
   The Samba Web Administration Tool (SWAT) in Samba versions
   3.0.x to 3.5.9 are affected by a cross-site scripting
   vulnerability.

Please note that SWAT must be enabled in order for these
vulnerabilities to be exploitable. By default, SWAT
is *not* enabled on a Samba install.


Changes since 3.3.15
--------------------


o   Kai Blin <kai@samba.org>
    * BUG 8289: SWAT contains a cross-site scripting vulnerability.
    * BUG 8290: CSRF vulnerability in SWAT.
2011-07-27 00:53:37 +00:00
..
patches Update samba33 package to 3.3.16; security fix for swat. 2011-07-27 00:53:37 +00:00
distinfo Update samba33 package to 3.3.16; security fix for swat. 2011-07-27 00:53:37 +00:00
hacks.mk Disable PIE on NetBSD/macppc to fix use of unsupported relocation type in. 2010-03-08 22:19:07 +00:00
Makefile Update samba33 package to 3.3.16; security fix for swat. 2011-07-27 00:53:37 +00:00
PLIST Fix a PLIST problem noted by wiz@. 2010-02-17 16:02:17 +00:00