From owner-freebsd-pkg@freebsd.org  Tue May 30 17:50:09 2017
Return-Path: <owner-freebsd-pkg@freebsd.org>
Delivered-To: freebsd-pkg@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5DA04B95310
 for <freebsd-pkg@mailman.ysv.freebsd.org>;
 Tue, 30 May 2017 17:50:09 +0000 (UTC)
 (envelope-from syd.meyer@gmail.com)
Received: from mail-wm0-x242.google.com (mail-wm0-x242.google.com
 [IPv6:2a00:1450:400c:c09::242])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id E469072C1C
 for <freebsd-pkg@freebsd.org>; Tue, 30 May 2017 17:50:08 +0000 (UTC)
 (envelope-from syd.meyer@gmail.com)
Received: by mail-wm0-x242.google.com with SMTP id b84so26599986wmh.0
 for <freebsd-pkg@freebsd.org>; Tue, 30 May 2017 10:50:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=to:from:subject:message-id:date:user-agent:mime-version
 :content-transfer-encoding:content-language;
 bh=rxnQyLt3ciT6Vv2XJGAG/pyUVic5JEcgkC+ik3zLqh4=;
 b=OZxNDrecvVYpKak7sevQ5yWmPDvdwi+rNkym5Lgpm0OWs2fQrmVawRMr2D7AsnOzut
 pIv+Q831bx/AKoB4PCj7DoE9hGnxRp8yVZO8xSAX3FxLHML8sOzytrAVHQGOZ49egUc+
 w22Fm/Q+8wsJMQOQyPoKF9jLXq6vwuUSVXXZbRazJ5wezDgUbNuwQQVUpu16tD10cFx3
 7i0UIenK8X8h01qbVxe16x45wTst2c6J2L+ejfHHpThucPOSNNefFhBNaXIHf45owVjM
 nfu6u2LAUw0FpmUwz2Lx79epAWEHcbKRUNNcO0NnItqSaHn5WtafFcVH+3Xoxo6pBzOE
 3r7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:to:from:subject:message-id:date:user-agent
 :mime-version:content-transfer-encoding:content-language;
 bh=rxnQyLt3ciT6Vv2XJGAG/pyUVic5JEcgkC+ik3zLqh4=;
 b=INIY3Xin62iElnjtbB1xPEopoWhV4mpRUrCIHALjZHypk7djMxHpS2bsdrDCeEPro2
 /gvgG43cXjij5SFc8Ki9YY2PFX4evrcaoxAK6Gtt+syFkKm/4xGJFaIELQ8Z3Cr5J4LW
 eidXLiDoN4xWp1whOb5RY1t2AphB/rCDSUBU6DzFdzkI/Jc+19MoUf6VdKyhb4fRznu1
 98yluxRTFhUG/PgUZ813Jb4nee9ia1VHZxaPtnQ+RwbxBsGmwSUqC6oxaA3p2hibNWXh
 ZVlMrbrOnqIYNt4OEaLLmIFE8prg3nnI7OFqyqBJ9HzVT19b70m/bxcmpfLXqKSaQinw
 MNxA==
X-Gm-Message-State: AODbwcDekuXSgmofd4qTF/t5DDXfB0uxiMtj0VjlyW1CtdRt9uu+zsfo
 TSrHBZ8lmv+smdc3sVQ=
X-Received: by 10.80.210.195 with SMTP id q3mr17734369edg.82.1496166607331;
 Tue, 30 May 2017 10:50:07 -0700 (PDT)
Received: from ?IPv6:2a02:a03f:a8f:8401:48f2:62be:c8d4:d236?
 ([2a02:a03f:a8f:8401:48f2:62be:c8d4:d236])
 by smtp.gmail.com with ESMTPSA id m53sm6118433edc.29.2017.05.30.10.50.06
 for <freebsd-pkg@freebsd.org>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 30 May 2017 10:50:06 -0700 (PDT)
To: freebsd-pkg@freebsd.org
From: Sydney Meyer <syd.meyer@gmail.com>
Subject: latest to quarterly merge delay
Message-ID: <083e0e17-2d13-4e30-f0e0-7265ee01310d@gmail.com>
Date: Tue, 30 May 2017 19:50:06 +0200
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-BeenThere: freebsd-pkg@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Binary package management and package tools discussion
 <freebsd-pkg.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pkg>,
 <mailto:freebsd-pkg-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pkg/>
List-Post: <mailto:freebsd-pkg@freebsd.org>
List-Help: <mailto:freebsd-pkg-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pkg>,
 <mailto:freebsd-pkg-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 30 May 2017 17:50:09 -0000

Hello List,

i'm running samba44 an 11.0-RELEASE on AMD64 with the default quarterly 
branch.

On May 25 i noticed a CVE with samba44 in the pkg audit report for a 
"critical remote code execution vulnerability".

https://vuxml.freebsd.org/freebsd/6f4d96c0-4062-11e7-b291-b499baebfeaf.html

Samba Upstream has released a patch on May 24th, the corresponding port 
in HEAD was updated the same day.

The samba44 binary package was updated on the 25th May to the latest 
branch, but the 11-RELEASE quarterly branch still seems to hold the 
vulnerable samba44-4.4.13.txz.

I have a workaround deployed for this specific vulnerability, but i 
would like to ask if there is a operational issue on my side, i.e. did i 
miss something here?

Thanks..

Sydney