author | Karolin Seeger <kseeger@samba.org> | 2011-07-24 21:24:27 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2011-08-18 21:20:58 +0200 |
commit | cf451d4710a073888cd1e30b88c6f03a1f49d19c (patch) | |
tree | 5d5e2c58557038c9c59fcb30deccc3829ff8f75f | |
parent | b941edf9c20bd6a92aec2a62be5b830db1194ce8 (diff) | |
download | samba-cf451d4710a073888cd1e30b88c6f03a1f49d19c.tar.gz |
WHATSNEW: Update release notes.
Karolin
(cherry picked from commit 315437d3d5a503b2d17c8a01f0e2c088febb041a)
-rw-r--r-- | WHATSNEW.txt | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index abb8cd7b6cc..890d0029571 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -41,21 +41,38 @@ Release notes for older versions follow: ============================== Release Notes for Samba 3.4.14 - , 2011 + July 26, 2011 ============================== -This is the latest stable release of Samba 3.4. +This is a security release in order to address +CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and +CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). + + +o CVE-2011-2522: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site request forgery. + -Major enhancements in Samba 3.4.14 include: +o CVE-2011-2694: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site scripting + vulnerability. + +Please note that SWAT must be enabled in order for these +vulnerabilities to be exploitable. By default, SWAT +is *not* enabled on a Samba install. -o Changes since 3.4.13 -------------------- -o +o Kai Blin <kai@samba.org> + * BUG 8289: SWAT contains a cross-site scripting vulnerability. + * BUG 8290: CSRF vulnerability in SWAT. + ###################################################################### Reporting bugs & Development Discussion |
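Review bot: In both CVE paragraphs the subject is "The Samba Web Administration Tool (SWAT)", so "are affected" should read "is affected", or the sentence should be recast as "Samba versions 3.0.x to 3.5.9 are affected by a ... in SWAT". In the "Changes since 3.4.13" list, BUG 8289 and BUG 8290 appear without their CVE ids; going by the descriptions in this same hunk, appending "(CVE-2011-2694)" to the cross-site scripting entry and "(CVE-2011-2522)" to the CSRF entry would let readers match each fix to its advisory. The paragraph stating that SWAT must be enabled for the issues to be exploitable could also say outright that leaving SWAT disabled avoids exposure for sites that cannot upgrade immediately, since that is what an administrator reading a security release will look for.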