Debian Bug report logs -
#668309
samba: remote code execution (CVE-2012-1182)
Reported by: Yves-Alexis Perez <corsac@debian.org>
Date: Tue, 10 Apr 2012 20:54:45 UTC
Severity: critical
Tags: security
Found in version samba/3.6.3-2
Fixed in version 2:3.6.4-1
Done: Christian PERRIER <bubulle@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
:
Bug#668309
; Package src:samba
.
(Tue, 10 Apr 2012 20:54:47 GMT) (full text, mbox, link).
Acknowledgement sent
to Yves-Alexis Perez <corsac@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
.
(Tue, 10 Apr 2012 20:54:47 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: samba
Version: 3.6.3-2
Severity: critical
Tags: security
Justification: root security hole
Hey,
samba team just released an advisory for a remote code execution (as
root) : https://www.samba.org/samba/security/CVE-2012-1182
Please package 3.6.4 for sid/testing and backport 3.5.14 fixes to
squeeze when possible.
Thanks in advance,
--
Yves-Alexis
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
:
Bug#668309
; Package src:samba
.
(Wed, 11 Apr 2012 06:48:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Christian PERRIER <bubulle@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>
.
(Wed, 11 Apr 2012 06:48:05 GMT) (full text, mbox, link).
Message #10 received at 668309@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Quoting Yves-Alexis Perez (corsac@debian.org):
> Source: samba
> Version: 3.6.3-2
> Severity: critical
> Tags: security
> Justification: root security hole
>
> Hey,
>
> samba team just released an advisory for a remote code execution (as
> root) : https://www.samba.org/samba/security/CVE-2012-1182
>
> Please package 3.6.4 for sid/testing and backport 3.5.14 fixes to
> squeeze when possible.
Jelmer Vernooij was working on it during last weeks and packages
should hit unstable and stable-security very soon.
Jelmer, do you confirm?
I'll also work on fixing 3.6 backports in squeeze-backports.
[signature.asc (application/pgp-signature, inline)]
Reply sent
to Christian PERRIER <bubulle@debian.org>
:
You have taken responsibility.
(Thu, 12 Apr 2012 06:21:08 GMT) (full text, mbox, link).
Notification sent
to Yves-Alexis Perez <corsac@debian.org>
:
Bug acknowledged by developer.
(Thu, 12 Apr 2012 06:21:08 GMT) (full text, mbox, link).
Message #15 received at 668309-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 2:3.6.4-1
Jelmer fixed that issue in unstable with the upload of samba 3.6.4
[signature.asc (application/pgp-signature, inline)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 10 May 2012 07:33:12 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:25:05 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.