WHATSNEW: Add release notes for Samba 4.19.1.

Signed-off-by: Jule Anger <janger@samba.org>

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 439556605cad596799afd8e4f96a80ddcb22a9fa..f6f6fabd42f5b5071b8d1df4c924ef17937e6ef7 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,75 @@
+                   ==============================
+                   Release Notes for Samba 4.19.1
+                          October 10, 2023
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+
+o CVE-2023-3961:  Unsanitized pipe names allow SMB clients to connect as root to
+                  existing unix domain sockets on the file system.
+                  https://www.samba.org/samba/security/CVE-2023-3961.html
+
+o CVE-2023-4091:  SMB client can truncate files to 0 bytes by opening files with
+                  OVERWRITE disposition when using the acl_xattr Samba VFS
+                  module with the smb.conf setting
+                  "acl_xattr:ignore system acls = yes"
+                  https://www.samba.org/samba/security/CVE-2023-4091.html
+
+o CVE-2023-4154:  An RODC and a user with the GET_CHANGES right can view all
+                  attributes, including secrets and passwords.  Additionally,
+                  the access check fails open on error conditions.
+                  https://www.samba.org/samba/security/CVE-2023-4154.html
+
+o CVE-2023-42669: Calls to the rpcecho server on the AD DC can request that the
+                  server block for a user-defined amount of time, denying
+                  service.
+                  https://www.samba.org/samba/security/CVE-2023-42669.html
+
+o CVE-2023-42670: Samba can be made to start multiple incompatible RPC
+                  listeners, disrupting service on the AD DC.
+                  https://www.samba.org/samba/security/CVE-2023-42670.html
+
+
+Changes since 4.19.0
+--------------------
+
+o  Jeremy Allison <jra@samba.org>
+   * BUG 15422: CVE-2023-3961.
+
+o  Andrew Bartlett <abartlet@samba.org>
+   * BUG 15424: CVE-2023-4154.
+   * BUG 15473: CVE-2023-42670.
+   * BUG 15474: CVE-2023-42669.
+
+o  Ralph Boehme <slow@samba.org>
+   * BUG 15439: CVE-2023-4091.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
                    ==============================
                    Release Notes for Samba 4.19.0
                          September 04, 2023