13990 – [SECURITY] security release 19 June 2019

Bug 13990 - [SECURITY] security release 19 June 2019

Summary: [SECURITY] security release 19 June 2019

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.10.4
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:	CVE-2019-12435 CVE-2019-12436
Blocks:
	Show dependency tree / graph

Reported:	2019-06-08 15:13 UTC by Andrew Bartlett
Modified:	2019-06-19 17:17 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Bartlett 2019-06-08 15:13:52 UTC

Pre-notification to vendors due before:  9 June
Pre-notification to users due on: 12 June

There will be (assuming all patches get a second review tick) a Samba security release on 19 June.

Comment 1 Andrew Bartlett 2019-06-08 20:19:19 UTC

A Samba security release is scheduled for 19 June 2019 for the two CVEs listed. 

Details are on the individual bugs and are under embargo until the release.

Comment 2 Karolin Seeger 2019-06-19 06:55:47 UTC

Samba 4.10.5 and 4.9.9 have been released to address these defects.
Closing out bug report.

Thanks!

Comment 3 Andrew Bartlett 2019-06-19 17:17:25 UTC

Removing embargo from release tracking bug