2025-01-21 18:04:06 +03:00 · 2017-03-31 08:16:17 +02:00 · 2017-03-31 08:16:17 +02:00 · cc9aec72f5
commit cc9aec72f5
parent 818fb1a39c
1 changed files with 44 additions and 3 deletions
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@ -1,3 +1,44 @@
+                   ==============================
+                   Release Notes for Samba 4.4.13
+                           March 31, 2017
+                   ==============================
+
+
+This is a bug fix release to address a regression introduced by the security
+fixes for CVE-2017-2619 (Symlink race allows access outside share definition).
+Please see https://bugzilla.samba.org/show_bug.cgi?id=12721 for details.
+
+
+Changes since 4.4.12:
+---------------------
+
+o  Jeremy Allison <jra@samba.org>
+   * BUG 12721: Fix regression with "follow symlinks = no".
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
                   ==============================
                   Release Notes for Samba 4.4.12
                           March 23, 2017
@ -13,7 +54,7 @@ Details
 =======

 o  CVE-2017-2619:
-   All versions of Samba prior to 4.6.1, 4.5.7, 4.4.11 are vulnerable to
+   All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 are vulnerable to
   a malicious client using a symlink race to allow access to areas of
   the server file system not exported under the share definition.

@ -66,8 +107,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================


-Release notes for older releases follow:
----------------------------------------
+----------------------------------------------------------------------
+

                   ==============================
                   Release Notes for Samba 4.4.11