From: Karolin Seeger Date: Sun, 24 Jul 2011 19:24:27 +0000 (+0200) Subject: WHATSNEW: Update release notes. X-Git-Tag: samba-3.4.14~14 X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=315437d3d5a503b2d17c8a01f0e2c088febb041a WHATSNEW: Update release notes. Karolin --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b14e254c37f..b18c9020a7f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,20 +1,37 @@ ============================== Release Notes for Samba 3.4.14 - , 2011 + July 26, 2011 ============================== -This is the latest stable release of Samba 3.4. +This is a security release in order to address +CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and +CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). + + +o CVE-2011-2522: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site request forgery. + -Major enhancements in Samba 3.4.14 include: +o CVE-2011-2694: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site scripting + vulnerability. + +Please note that SWAT must be enabled in order for these +vulnerabilities to be exploitable. By default, SWAT +is *not* enabled on a Samba install. -o Changes since 3.4.13 -------------------- -o +o Kai Blin + * BUG 8289: SWAT contains a cross-site scripting vulnerability. + * BUG 8290: CSRF vulnerability in SWAT. + ###################################################################### Reporting bugs & Development Discussion
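Review bot: In both added CVE paragraphs ("o CVE-2011-2522:" and "o CVE-2011-2694:") the verb does not agree with its subject: "The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected" should read "is affected", or be recast as "Samba versions 3.0.x to 3.5.9 are affected by a ... in SWAT". The added note that SWAT must be enabled is the line an administrator will triage on, but it does not say how to tell whether SWAT is enabled on a given install; a short pointer to where that is configured would let readers confirm their exposure. In the "Changes since 3.4.13" entries, BUG 8289 and BUG 8290 are listed without the CVE id each one corresponds to; appending CVE-2011-2694 to the cross-site scripting bullet and CVE-2011-2522 to the CSRF bullet would tie the changelog to the summary at the top of the notes.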