latest to quarterly merge delay
Sydney Meyer
syd.meyer at gmail.com
Tue May 30 17:50:09 UTC 2017
Hello List,
i'm running samba44 an 11.0-RELEASE on AMD64 with the default quarterly
branch.
On May 25 i noticed a CVE with samba44 in the pkg audit report for a
"critical remote code execution vulnerability".
https://vuxml.freebsd.org/freebsd/6f4d96c0-4062-11e7-b291-b499baebfeaf.html
Samba Upstream has released a patch on May 24th, the corresponding port
in HEAD was updated the same day.
The samba44 binary package was updated on the 25th May to the latest
branch, but the 11-RELEASE quarterly branch still seems to hold the
vulnerable samba44-4.4.13.txz.
I have a workaround deployed for this specific vulnerability, but i
would like to ask if there is a operational issue on my side, i.e. did i
miss something here?
Thanks..
Sydney
More information about the freebsd-pkg
mailing list