-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 03 Feb 2022 21:54:02 +0100 Source: samba Architecture: source Version: 2:4.13.13+dfsg-1~deb11u3 Distribution: bullseye-security Urgency: high Maintainer: Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1001068 1004693 1004694 Changes: samba (2:4.13.13+dfsg-1~deb11u3) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * Add patches for CVE-2022-0336 (Closes: #1004694) - CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added SPN. - CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object. * Add patches for CVE-2021-44142 (Closes: #1004693) - CVE-2021-44142: libadouble: add defines for icon lengths. - CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list of private Samba xattrs. - CVE-2021-44142: libadouble: harden ad_unpack_xattrs() - CVE-2021-44142: libadouble: add basic cmocka tests. - CVE-2021-44142: libadouble: harden parsing code. * Add patches to address "The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token" (Closes: #1001068) - CVE-2020-25727: idmap_nss: verify that the name of the sid belongs to the configured domain - CVE-2020-25717: tests/krb5: Add method to automatically obtain server credentials - CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room for new accounts - CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss - CVE-2020-25717: tests/krb5: Add a test for idmap_nss mapping users to SIDs - CVE-2020-25717: s3:auth: Fallback to a SID/UID based mapping if the named based lookup fails Checksums-Sha1: 62595a0c2cd92a646f2ee32ef98a9b7f12737a74 4514 samba_4.13.13+dfsg-1~deb11u3.dsc 9a5f54933e1409a4c403e4a4d7f122071af9700d 467700 samba_4.13.13+dfsg-1~deb11u3.debian.tar.xz Checksums-Sha256: 0d84245dfa8ac468b5f50910d1942bac515c8d17e08261390f8ce8a422ba9a05 4514 samba_4.13.13+dfsg-1~deb11u3.dsc b053b5d46c3f42c6167312a640f0b73972c2e8c9e87405e5559e3fb91fd5fe89 467700 samba_4.13.13+dfsg-1~deb11u3.debian.tar.xz Files: 1241d6789653e4eea6b82fa627468dda 4514 net optional samba_4.13.13+dfsg-1~deb11u3.dsc e25800062ba55e437c3e036c6e023a89 467700 net optional samba_4.13.13+dfsg-1~deb11u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmH8RsRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EhxQQAJv0xn6HV0bmHW4BvocvQ+fkei30Qs3x mnGRMlIJo/3zRjr/813Ia9ZiFSBT/TTvxnvlr+1Fk+zJSRALpyoXtqQ/GXpwOa10 eEX5AK9rwBm5XAVK45OchrrX4yXYcqG8/SRZzcJo/RDJApTBYM2zSS5LOkfX0xE+ m+GqTPbp1PHFDe2BJnQZnt1hhtIVaNvGP/Mf/6OWqjWUlRPGhp9AgjUr+ffPGtx3 0HIZ61GRB0Uxr3mgRQvhzWZJYQ+/XU6hMNS+EBV9NbXIQY+XOOiRLagZlYi4I52a 42RcCi+6gXjPwIrJqSsSZTOafSZQox3sszEohBcH1gN0htFI3KfmzEdZWyIoaX2Y GTRckvx9bG+WgPyVESSS+gBGBwQgx9hg2Ae0an5C8PpcmFECcl7b+meiNwVqF3MR +LuIRvlC2cgv2PUMXfoedsA98UVkLGxSJk9MJ+1Gsldhy6EhdSjQqsLIKkYmf7Yj oFJFJ6np2u7j7HAUEZrAXmuEm+vJW62VuhE5f1ZKyhI0D4u7Sus2pr3+5hdEc8m0 HCcgcgbkuxxan+N+5WM+s3OngZQAWxNEPVtszxu/TpRNcLF9122lcrmiVYWmj5uz f81juB9L5VBCuUMQBO7FBS87XJ4tfqmIfL1gTOiAmAU+lwYXI9Jy43s/XU7hTbtf 7kiZHZ4gcsk+ =lSxZ -----END PGP SIGNATURE-----