Date: Tue, 30 May 2017 19:50:06 +0200 From: Sydney Meyer <syd.meyer@gmail.com> To: freebsd-pkg@freebsd.org Subject: latest to quarterly merge delay Message-ID: <083e0e17-2d13-4e30-f0e0-7265ee01310d@gmail.com>
next in thread | raw e-mail | index | archive | help
Hello List, i'm running samba44 an 11.0-RELEASE on AMD64 with the default quarterly branch. On May 25 i noticed a CVE with samba44 in the pkg audit report for a "critical remote code execution vulnerability". https://vuxml.freebsd.org/freebsd/6f4d96c0-4062-11e7-b291-b499baebfeaf.html Samba Upstream has released a patch on May 24th, the corresponding port in HEAD was updated the same day. The samba44 binary package was updated on the 25th May to the latest branch, but the 11-RELEASE quarterly branch still seems to hold the vulnerable samba44-4.4.13.txz. I have a workaround deployed for this specific vulnerability, but i would like to ask if there is a operational issue on my side, i.e. did i miss something here? Thanks.. Sydney
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?083e0e17-2d13-4e30-f0e0-7265ee01310d>