Overall bug to track issues that should probably be in the next security release (proposal at this point, to pass to the release manager for their decision).
Opening security bugs to vendors. Release date is currently proposed to be Wednesday 27 July but bug 15109 will be the authoritative reference on that.
Removing see-also bugs that caused some confusion. These unrelated issues are not part of this security release. (They were included to provide context in case they could be brought into it, but they were not).
Removing vendor CC (so that any public comments don't need to be broadcast so widely) and opening these bugs to the public.
If you wish to continue to be informed about any changes here please CC individually.
Some of these bugs have Samba 4.10 and 4.12 backports provided. The code trees that these are based on are not maintained by samba.org.
However they are public (as well as being the sum on previously released security bugs), and are listed here for those who desire to reproduce the tested state:
Particularly for the 4.10 case, care should be taken to ensure that other patches and security updates desired since that release are included (eg don't just swap out the release tarball, carefully apply all the patches on top of whatever you were previously shipping).
Release is done. Closing out bug report.
Many thanks at all!