WHATSNEW: Start release notes for 3.5.5.

author Karolin Seeger <kseeger@samba.org>

Wed, 15 Sep 2010 18:52:40 +0000 (20:52 +0200)

committer Karolin Seeger <kseeger@samba.org>

Wed, 15 Sep 2010 18:52:40 +0000 (20:52 +0200)
author Karolin Seeger <kseeger@samba.org>
Wed, 15 Sep 2010 18:52:40 +0000 (20:52 +0200)
committer Karolin Seeger <kseeger@samba.org>
Wed, 15 Sep 2010 18:52:40 +0000 (20:52 +0200)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt

index 19f8875d98a58f1f64e899f26d19502304415878..0f52691e187cde8eef0787fa276cc51222cfe322 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,20 +1,33 @@
                     =============================
                     Release Notes for Samba 3.5.5
-                          , 2010
+                        September 14, 2010
                     =============================
  
  
-This is the latest stable release of Samba 3.5.
+This is a security release in order to address CVE-2010-3069.
  
-Major enhancements in Samba 3.5.5 include:
  
-  o 
+o  CVE-2010-3069:
+   All current released versions of Samba are vulnerable to
+   a buffer overrun vulnerability. The sid_parse() function
+   (and related dom_sid_parse() function in the source4 code)
+   do not correctly check their input lengths when reading a
+   binary representation of a Windows SID (Security ID). This
+   allows a malicious client to send a sid that can overflow
+   the stack variable that is being used to store the SID in the
+   Samba smbd server.
  
  
  Changes since 3.5.4
--------------------
+--------------------
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 7669: Fix for CVE-2010-3069.
  
  
+o   Andrew Bartlett <abartlet@samba.org>
+    * BUG 7669: Fix for CVE-2010-3069.
  
  
  ######################################################################
author	Karolin Seeger <kseeger@samba.org>
	Wed, 15 Sep 2010 18:52:40 +0000 (20:52 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Wed, 15 Sep 2010 18:52:40 +0000 (20:52 +0200)