Date: Fri, 14 Dec 2007 10:37:10 -0600 From: "W. D." <WD@US-Webmasters.com> To: samba@lists.samba.org Cc: Remko Lodder <remko@FreeBSD.org>, Timur@FreeBSD.org, FreeBSD-Questions@FreeBSD.org Subject: Re: Yikes! FreeBSD samba-3.0.26a_2,1 is forbidden: "Remote Code Execution... Message-ID: <20071214164358.5D01A13C461@mx1.freebsd.org> In-Reply-To: <47600358.3010909@FreeBSD.org> References: <20071212065822.4F6A313C457@mx1.freebsd.org> <475F9560.40703@FreeBSD.org> <20071212090407.8B26613C478@mx1.freebsd.org> <47600358.3010909@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 09:50 12/12/2007, Remko Lodder wrote: >W. D. wrote: >> At 02:01 12/12/2007, Remko Lodder wrote: >>> W. D. wrote: >>>> ...Vulnerability - CVE-2007-6015" >>>> >>>> http://www.freshports.org/net/samba3/ >>>> >>>>=20 >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D >>>> *samba3 3.0.26a_2,1* net <http://www.freshports.org/net/>; >>>> <http://www.freshports.org/faq.php#watchlistcount>; =3D220 >>>> >>>=20 ><http://www.freshports.org/search.php?stype=3Ddepends_all&method=3Dmatch&q>= >uery=3Dnet/samba3> >>>> FORBIDDEN: "Remote Code Execution Vulnerability - CVE-2007-6015" >>>> IGNORE: is forbidden: "Remote Code Execution Vulnerability -= CVE-2007-6015" >>>>=20 >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D >>>> >>>>=20 >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D >>>> 11 Dec 2007 22:39:55 >>>> *3.0.26a_2,1* remko <mailto:remko@FreeBSD.org> >>>> >>>=20 ><http://www.freshports.org/search.php?stype=3Dcommitter&method=3Dexact&quer= y=3Dremko> >>>> >>>> Make Samba forbidden till Timur had the time to upgrade this, >>>> because >>>> samba appears to be vulnerable to remote code execution which could= harm >>>> our users. >>>> >>>> This will be removed after we have a safe version to which we can >>>> upgrade. >>>> >>>> Hat: =20 >>>> secteam >>>> Discussed with and requested >>>> by: timur >>>> >>>>=20 >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D >>>> >>>> Dang! When will this be fixed? >>>> >>>> >>> Soon, there are patches available, we just need to make sure that it >>> doesn't bite anything while we are in a ports-slush, hence the FORBIDDEN >>> part. >>> >>> Best regards, >>> Remko >>=20 >> Hours? Days? Weeks? >>=20 > >The freebsd port will be up to date as soon as possible, there are fixes >available already on the Samba websites.. > >Best regards, >remko Well, it's been 2 days now. When will the code be updated in the FreeBSD ports? The version on the Samba website is 3.0.28. (http://www.Samba.org/) Why is the FreeBSD ports version stuck at 3.0.26a_2,1? If there are fixes available already on the Samba websites, why can't they be integrated into the ports? I neet to get a fileserver going right away. I would like to use Samba. Perhaps I should just load Windows on it? It seems to me that leaving a port broken like this is very "unprofessional". I would expect more from the folks maintaing FreeBSD. When is it going to be fixed? Does "soon" mean this century? This year? When? Start Here to Find It Fast!=99 ->= http://www.US-Webmasters.com/best-start-page/ $8.77 Domain Names -> http://domains.us-webmasters.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071214164358.5D01A13C461>