3 files changed, 35 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
index 38296b2ea4..cf962688d2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,11 @@ samba (2:3.2.2-1) UNRELEASED; urgency=low
   [ Noèl Köthe ]
   * fixing lintian warning "build-depends-on-1-revision"
 
+  [ Steve Langasek ]
+  * New patch debian/patches/CVE-2008-3789-ldb-permissions.patch, fixing the
+    default permissions on ldb databases.  Addresses CVE-2008-3789,
+    closes: #496073.
+
  -- Noèl Köthe <noel@debian.org>  Sat, 16 Aug 2008 17:29:09 +0200
 
 samba (2:3.2.1-1) unstable; urgency=low
diff --git a/debian/patches/CVE-2008-3789-ldb-permissions.patch b/debian/patches/CVE-2008-3789-ldb-permissions.patch
new file mode 100644
index 0000000000..07ce0be769
--- /dev/null
+++ b/debian/patches/CVE-2008-3789-ldb-permissions.patch
@@ -0,0 +1,29 @@
+From 2b72b0fe8d17b8ea29f966196862a9b895a55f62 Mon Sep 17 00:00:00 2001
+From: Karolin Seeger <kseeger@samba.org>
+Date: Mon, 25 Aug 2008 09:37:26 +0200
+Subject: [PATCH] ldb: Fix permissions of group_mapping.ldb.
+
+This one fixes bug #5715.
+Thanks to Steve Langasek for reporting!
+
+Karolin
+---
+ source/lib/ldb/common/ldb.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/source/lib/ldb/common/ldb.c b/source/lib/ldb/common/ldb.c
+index e469c49..743711b 100644
+--- a/source/lib/ldb/common/ldb.c
++++ b/source/lib/ldb/common/ldb.c
+@@ -51,7 +51,7 @@ struct ldb_context *ldb_init(void *mem_ctx)
+ 	}
+ 
+ 	ldb_set_utf8_default(ldb);
+-	ldb_set_create_perms(ldb, 0666);
++	ldb_set_create_perms(ldb, 0600);
+ 
+ 	return ldb;
+ }
+-- 
+1.5.4.4
+
diff --git a/debian/patches/series b/debian/patches/series
index 24ce4a5043..9fae853eb7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,3 +18,4 @@ swat-de.patch
 smbtar-bashism.patch
 no-unnecessary-cups.patch
 shrink-dead-code.patch
+CVE-2008-3789-ldb-permissions.patch