diff options
| author | bubulle <bubulle@alioth.debian.org> | 2011-07-28 06:01:40 +0000 |
|---|---|---|
| committer | bubulle <bubulle@alioth.debian.org> | 2011-07-28 06:01:40 +0000 |
| commit | 87b4118386d76a66f33ea4610004638306d8acf6 (patch) | |
| tree | 40629dfa6b1ffdfac51287f777735eaabbe8d54f /WHATSNEW.txt | |
| parent | 2b69417f7703877b8e8b25ffa378cbc91dbb8d36 (diff) | |
| download | samba-87b4118386d76a66f33ea4610004638306d8acf6.tar.gz | |
Merge upstream 3.5.10
git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@3858 fc4039ab-9d04-0410-8cac-899223bdd6b0
Diffstat (limited to 'WHATSNEW.txt')
| -rw-r--r-- | WHATSNEW.txt | 62 |
1 files changed, 60 insertions, 2 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f9b4a46c28..2f75a9ae43 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,61 @@ + ============================== + Release Notes for Samba 3.5.10 + July 26, 2011 + ============================== + + +This is a security release in order to address +CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and +CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). + + +o CVE-2011-2522: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site request forgery. + + +o CVE-2011-2694: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site scripting + vulnerability. + +Please note that SWAT must be enabled in order for these +vulnerabilities to be exploitable. By default, SWAT +is *not* enabled on a Samba install. + + +Changes since 3.5.9: +-------------------- + + +o Kai Blin <kai@samba.org> + * BUG 8289: SWAT contains a cross-site scripting vulnerability. + * BUG 8290: CSRF vulnerability in SWAT. + + +###################################################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + ============================= Release Notes for Samba 3.5.9 June 14, 2011 @@ -142,8 +200,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================= Release Notes for Samba 3.5.8 |