[SAMBA4] Is it affected by CVE-2008-1105? - Samba

This is a discussion on [SAMBA4] Is it affected by CVE-2008-1105? - Samba ; As Jelmer prepared some Debian packages for samba4 (which I have to upload after the heat with samba3 security issues cools down), I feel like I have the duty to ask: is Samba4 affected by that security issue? Even if ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [SAMBA4] Is it affected by CVE-2008-1105?

  1. [SAMBA4] Is it affected by CVE-2008-1105?

    As Jelmer prepared some Debian packages for samba4 (which I have to
    upload after the heat with samba3 security issues cools down), I feel
    like I have the duty to ask: is Samba4 affected by that security
    issue?

    Even if they're targeted to Debian experimental, I wouldn't like to
    upload vulnerable packages...


  2. Re: [SAMBA4] Is it affected by CVE-2008-1105?

    On Thu, 2008-05-29 at 07:46 +0200, Christian Perrier wrote:
    > As Jelmer prepared some Debian packages for samba4 (which I have to
    > upload after the heat with samba3 security issues cools down), I feel
    > like I have the duty to ask: is Samba4 affected by that security
    > issue?
    >
    > Even if they're targeted to Debian experimental, I wouldn't like to
    > upload vulnerable packages...


    I would expect not, but have not checked. It is a totally new codebase
    in this area, and has a pretty strict focus on bounds checking (but as
    always we may find issues regardless...).

    Andrew Bartlett

    --
    Andrew Bartlett
    http://samba.org/~abartlet/
    Authentication Developer, Samba Team http://samba.org
    Samba Developer, Red Hat Inc.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.9 (GNU/Linux)

    iD8DBQBIPqHRz4A8Wyi0NrsRAuHbAKCnlvbFxNNjpnSyppTSct 2sBs0C6ACeOhWO
    VYwfbByc5qx2N5MU7rxS0aI=
    =tfkv
    -----END PGP SIGNATURE-----


+ Reply to Thread