git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
d4ae73b
)
WHATSNEW: Update release notes.
author
Karolin Seeger
<kseeger@samba.org>
Sun, 24 Jul 2011 19:24:27 +0000
(21:24 +0200)
committer
Karolin Seeger
<kseeger@samba.org>
Sun, 24 Jul 2011 19:24:27 +0000
(21:24 +0200)
Karolin
WHATSNEW.txt
patch
|
blob
|
history
diff --git
a/WHATSNEW.txt
b/WHATSNEW.txt
index b14e254c37fc8b8b7dfde9e7fed5fb3938ad8f0f..b18c9020a7f10c19dea03fa1c957ed297d8cffc2 100644
(file)
--- a/
WHATSNEW.txt
+++ b/
WHATSNEW.txt
@@
-1,20
+1,37
@@
==============================
Release Notes for Samba 3.4.14
==============================
Release Notes for Samba 3.4.14
- , 2011
+
July 26
, 2011
==============================
==============================
-This is the latest stable release of Samba 3.4.
+This is a security release in order to address
+CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and
+CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT).
+
+
+o CVE-2011-2522:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site request forgery.
+
-Major enhancements in Samba 3.4.14 include:
+o CVE-2011-2694:
+ The Samba Web Administration Tool (SWAT) in Samba versions
+ 3.0.x to 3.5.9 are affected by a cross-site scripting
+ vulnerability.
+
+Please note that SWAT must be enabled in order for these
+vulnerabilities to be exploitable. By default, SWAT
+is *not* enabled on a Samba install.
-o
Changes since 3.4.13
--------------------
Changes since 3.4.13
--------------------
-o
+o Kai Blin <kai@samba.org>
+ * BUG 8289: SWAT contains a cross-site scripting vulnerability.
+ * BUG 8290: CSRF vulnerability in SWAT.
+
######################################################################
Reporting bugs & Development Discussion
######################################################################
Reporting bugs & Development Discussion