From dbd71b68ae9813526758a40de0e2d0c8daa1f5d3 Mon Sep 17 00:00:00 2001
From: Karolin Seeger <kseeger@samba.org>
Date: Wed, 30 Sep 2009 13:55:57 +0200
Subject: [PATCH] WHATSNEW: Update release notes.

Karolin
(cherry picked from commit 42c537c845f48149cb8492cb0eaa114fe64694f1)
---
 WHATSNEW.txt | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 5c9c1ffe967..21701c5be50 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,10 +1,11 @@
                    ==============================
                    Release Notes for Samba 3.0.37
-                         September, 29 2009
+                          October, 1 2009
                    ==============================
 
 
-This is a security release in order to address CVE-2009-2813 and CVE-2009-2948.
+This is a security release in order to address CVE-2009-2813, CVE-2009-2948
+and CVE-2009-2906.
 Please note that Samba 3.0 is not maintained any longer. This security
 release is shipped on a voluntary basis.
 
@@ -19,6 +20,27 @@ release is shipped on a voluntary basis.
      credential or password path to which he or she does not have access and
      then use the --verbose option to view the first line of that file.
 
+   o CVE-2009-2906:
+     Specially crafted SMB requests on authenticated SMB connections can
+     send smbd into a 100% CPU loop, causing a DoS on the Samba server.
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.36
+--------------------
+
+
+o   Jeremy Allison <jra@samba.org>
+    * BUG 6763: Fix for CVE-2009-2813.
+    * BUG 6768: Fix for CVE-2009-2906.
+
+
+o   Jeff Layton <jlayton@redhat.com>
+    * Fix for CVE-2009-2948.
+
 
 ######################################################################
 Reporting bugs & Development Discussion
-- 
2.34.1