[Buildroot] [PATCH 1/1] package/samba4: security bump version to 4.10.10

Arnout Vandecappelle arnout at mind.be
Tue Oct 29 21:22:53 UTC 2019



On 29/10/2019 17:56, Bernd Kuhls wrote:
> This is a security release in order to address the following defects:
> 
> o CVE-2019-10218: Client code can return filenames containing path
>                   separators.
> o CVE-2019-14833: Samba AD DC check password script does not receive
>                   the full password.
> o CVE-2019-14847: User with "get changes" permission can crash AD DC
>                   LDAP server via dirsync.
> 
> Release notes: https://www.samba.org/samba/history/samba-4.10.10.html
> 
> Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>

 Applied to master, thanks.

 Regards,
 Arnout

> ---
>  package/samba4/samba4.hash | 4 ++--
>  package/samba4/samba4.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/samba4/samba4.hash b/package/samba4/samba4.hash
> index e88fe3d147..02220772f6 100644
> --- a/package/samba4/samba4.hash
> +++ b/package/samba4/samba4.hash
> @@ -1,4 +1,4 @@
>  # Locally calculated after checking pgp signature
> -# https://download.samba.org/pub/samba/stable/samba-4.10.9.tar.asc
> -sha256 366df54dc43ff8cb2d3f94fad2a8e8561a398d94ab64b86761778843b5e61678  samba-4.10.9.tar.gz
> +# https://download.samba.org/pub/samba/stable/samba-4.10.10.tar.asc
> +sha256 700c734b51610e2feaa0d6744f9bec0c0d8917bca8cc78d5b63a4591f32866a5  samba-4.10.10.tar.gz
>  sha256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
> diff --git a/package/samba4/samba4.mk b/package/samba4/samba4.mk
> index dc0210e884..c7910d87c8 100644
> --- a/package/samba4/samba4.mk
> +++ b/package/samba4/samba4.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -SAMBA4_VERSION = 4.10.9
> +SAMBA4_VERSION = 4.10.10
>  SAMBA4_SITE = https://download.samba.org/pub/samba/stable
>  SAMBA4_SOURCE = samba-$(SAMBA4_VERSION).tar.gz
>  SAMBA4_INSTALL_STAGING = YES
> 



More information about the buildroot mailing list