From owner-freebsd-questions@FreeBSD.ORG Fri Jun 20 11:21:49 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C82CA1065670 for ; Fri, 20 Jun 2008 11:21:49 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) by mx1.freebsd.org (Postfix) with ESMTP id 81BBD8FC2B for ; Fri, 20 Jun 2008 11:21:49 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost1.zedat.fu-berlin.de (Exim 4.69) with esmtp (envelope-from ) id <1K9ege-00054U-Kt>; Fri, 20 Jun 2008 13:21:48 +0200 Received: from telesto.geoinf.fu-berlin.de ([130.133.86.198]) by inpost2.zedat.fu-berlin.de (Exim 4.69) with esmtpsa (envelope-from ) id <1K9ege-0003KJ-K2>; Fri, 20 Jun 2008 13:21:48 +0200 Message-ID: <485B9283.2050008@zedat.fu-berlin.de> Date: Fri, 20 Jun 2008 11:20:35 +0000 From: "O. Hartmann" Organization: Freie =?ISO-8859-15?Q?Universit=E4t_Berlin?= User-Agent: Thunderbird 2.0.0.14 (X11/20080609) MIME-Version: 1.0 To: Johan Hendriks References: <485A5939.1090108@zedat.fu-berlin.de><20080620075113.A44833@gwdu60.gwdg.de> <485B674B.9010404@zedat.fu-berlin.de> <57200BF94E69E54880C9BB1AF714BBCB5DDF1F@w2003s01.double-l.local> In-Reply-To: <57200BF94E69E54880C9BB1AF714BBCB5DDF1F@w2003s01.double-l.local> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: 130.133.86.198 Cc: freebsd-questions@freebsd.org Subject: Re: SAMBA 3.0.28a and CVE-2008-1105 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2008 11:21:49 -0000 Johan Hendriks wrote: > >>> Konrad Heuer wrote: >>> >>> On Thu, 19 Jun 2008, O. Hartmann wrote: >>> >>>> We still have Samba R3.0.28a in the ports but regarding to >>>> CVE-2008-1105 shouldn't it be R3.0.30? >>> As far as I know the mentioned security patch gets applied when > building >>> Samba from ports. >>> >>> Best regards >>> >>> Konrad Heuer >>> GWDG, Am Fassberg, 37077 Goettingen, Germany, kheuer2@gwdg.de >>> > >> Oh, is that so ... then why isn't the version number bumped up? > Slightly >> confusing, but if the patch has been incorporated it makes me feel > better. > >> Kindly regards, >> Oliver > > Reding this on freshports makes me think it is bumped! > > 29 May 2008 11:47:46 > 3.0.28a_1,1 > > This is a security update of Samba 3.0.28a, that address CVE-2008-1105. > > Approved by: shaun (mentor, implicit) > Security: CVE-2008-1105 > > Regards, > Johan Hendriks > Double L Automatisering > > Well, sorry making this noise, I looked at www.samba.org and saw version 3.0.30 out there and checked against the port and that what smbstatus reveals and tried to figure out ... Somehow it would be much easier and for the 'stupid' among us (like me) to bump also version number - if that would be possible and without implications ino too much work ... Regards, Oliver