From 315437d3d5a503b2d17c8a01f0e2c088febb041a Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Sun, 24 Jul 2011 21:24:27 +0200 Subject: [PATCH] WHATSNEW: Update release notes. Karolin --- WHATSNEW.txt | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b14e254c37f..b18c9020a7f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,20 +1,37 @@ ============================== Release Notes for Samba 3.4.14 - , 2011 + July 26, 2011 ============================== -This is the latest stable release of Samba 3.4. +This is a security release in order to address +CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and +CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). + + +o CVE-2011-2522: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site request forgery. + -Major enhancements in Samba 3.4.14 include: +o CVE-2011-2694: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site scripting + vulnerability. + +Please note that SWAT must be enabled in order for these +vulnerabilities to be exploitable. By default, SWAT +is *not* enabled on a Samba install. -o Changes since 3.4.13 -------------------- -o +o Kai Blin + * BUG 8289: SWAT contains a cross-site scripting vulnerability. + * BUG 8290: CSRF vulnerability in SWAT. + ###################################################################### Reporting bugs & Development Discussion -- 2.11.4.GIT
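Review bot: in both new CVE paragraphs the subject is singular ("The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9") but the verb is "are affected". Suggest "is affected", or reword so the versions are the subject, e.g. "Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery in SWAT." Second, the "Changes since 3.4.13" entries list BUG 8289 and BUG 8290 without tying them to the CVE ids introduced at the top. Appending the id to each line (8289 is the cross-site scripting issue, so CVE-2011-2694; 8290 is the CSRF issue, so CVE-2011-2522) would let a reader map each fix to its advisory without cross-reading the descriptions. The CVE paragraphs are listed CSRF first while the bug lines are listed XSS first, so using one order in both places would also help. Finally, the commit body is only "Karolin". A one-line summary saying that this turns the 3.4.14 notes into a security release for the two SWAT issues would make the history searchable.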