From bfa9f92e611e3b634c505b9c4a2c7aef128afb64 Mon Sep 17 00:00:00 2001
From: Karolin Seeger <kseeger@samba.org>
Date: Thu, 13 Jun 2019 11:47:07 +0200
Subject: [PATCH] WHATSNEW: Add release notes for Samba 4.10.5.

CVE-2019-12436 dsdb/paged_results: ignore successful results without messages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13951

CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922

Signed-off-by: Karolin Seeger <kseeger@samba.org>
---
 WHATSNEW.txt | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 62 insertions(+), 2 deletions(-)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 21aef0c4960..8339bbf958a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,64 @@
                    ==============================
+                   Release Notes for Samba 4.10.5
+                           June 19, 2019
+                   ==============================
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2019-12435 (Samba AD DC Denial of Service in DNS management server
+                  (dnsserver))
+o  CVE-2019-12436 (Samba AD DC LDAP server crash (paged searches))
+
+=======
+Details
+=======
+
+o  CVE-2019-12435:
+   An authenticated user can crash the Samba AD DC's RPC server process via a
+   NULL pointer dereference.
+
+o  CVE-2019-12436:
+    An user with read access to the directory can cause a NULL pointer
+    dereference using the paged search control.
+
+For more details and workarounds, please refer to the security advisories.
+
+
+Changes since 4.10.4:
+---------------------
+
+o  Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
+   * BUG 13922: CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
+     in DnssrvOperation2.
+   * BUG 13951: CVE-2019-12436 dsdb/paged_results: Ignore successful results
+     without messages.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   ==============================
                    Release Notes for Samba 4.10.4
                             May 22, 2019
                    ==============================
@@ -111,8 +171,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    ==============================
                    Release Notes for Samba 4.10.3
-- 
2.11.4.GIT