WHATSNEW: Update release notes.

Karolin
(cherry picked from commit 42c537c845f48149cb8492cb0eaa114fe64694f1)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 5c9c1ffe967e096827bca86e09a9e46581abe04f..21701c5be5076a50d6d119a9972ff77111ed5718 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,10 +1,11 @@
                    ==============================
                    Release Notes for Samba 3.0.37
-                         September, 29 2009
+                          October, 1 2009
                    ==============================
 
 
-This is a security release in order to address CVE-2009-2813 and CVE-2009-2948.
+This is a security release in order to address CVE-2009-2813, CVE-2009-2948
+and CVE-2009-2906.
 Please note that Samba 3.0 is not maintained any longer. This security
 release is shipped on a voluntary basis.
 
@@ -19,6 +20,27 @@ release is shipped on a voluntary basis.
      credential or password path to which he or she does not have access and
      then use the --verbose option to view the first line of that file.
 
+   o CVE-2009-2906:
+     Specially crafted SMB requests on authenticated SMB connections can
+     send smbd into a 100% CPU loop, causing a DoS on the Samba server.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.36
+--------------------
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 6763: Fix for CVE-2009-2813.
+    * BUG 6768: Fix for CVE-2009-2906.
+
+
+o   Jeff Layton <jlayton@redhat.com>
+    * Fix for CVE-2009-2948.
+
 
 ######################################################################
 Reporting bugs & Development Discussion