#34455: samba3 @3.2.15_2 request to add CVE-2012-1182 patch --------------------------------------+------------------------------------- Reporter: nonstop.server@… | Owner: mww@… Type: defect | Status: new Priority: High | Milestone: Component: ports | Version: Keywords: | Port: samba3 --------------------------------------+------------------------------------- Comment(by nonstop.server@…): Replying to [comment:2 ryandesign@…]: No, there are no outstanding security updates against Samba version 3.6.6.[[BR]] CVE-2012-1182 has been solved since security release 3.6.4 of Samba. {{{ ============================= Release Notes for Samba 3.6.4 April 10, 2012 ============================= This is a security release in order to address CVE-2012-1182 ("root" credential remote code execution). o CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user. Changes since 3.6.3: -------------------- o Stefan Metzmacher <metze@samba.org> *BUG 8815: PIDL based autogenerated code allows overwriting beyond of allocated array (CVE-2012-1182). }}} -- Ticket URL: <https://trac.macports.org/ticket/34455#comment:3> MacPorts <http://www.macports.org/> Ports system for Mac OS