                   ==============================
                   Release Notes for Samba 3.2.13
                           June 23, 2009
                   ==============================


This is a security release in order to address CVE-2009-1886 and
CVE-2009-1888.

   o CVE-2009-1886:
     In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands
     dealing with file names treat user input as a format string to
     asprintf. With a maliciously crafted file name smbclient can be
     made to execute code triggered by the server.

   o CVE-2009-1888:
     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of
     a data value can potentially affect access control when
     "dos filemode" is set to "yes".


######################################################################
Changes
#######

Changes since 3.2.12
--------------------


o   Jeremy Allison
    * Fix for CVE-2009-1886.
    * Fix for CVE-2009-1888.
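
The bug class behind CVE-2009-1886, shown as an added example (this is not Samba's code and not the actual patch): a server-supplied file name must reach a printf-family function only as an argument, never as the format string. The sketch uses standard snprintf in place of asprintf, which handles format strings the same way, and the function names and sample file names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Samba code: build a status message that embeds
 * a file name received from the server.
 *
 * Vulnerable pattern (the name itself is used as the format string):
 *     snprintf(out, outlen, name);
 * Hardened pattern: constant format, name passed only as an argument. */
int format_remote_name(char *out, size_t outlen, const char *name)
{
    return snprintf(out, outlen, "getting file %s", name);
}

/* Count printf conversion directives in an untrusted string so a client
 * or log pipeline can flag suspicious names. "%%" is a literal percent. */
size_t count_format_directives(const char *s)
{
    size_t n = 0;
    while (*s) {
        if (*s == '%') {
            if (s[1] == '%') { s += 2; continue; }
            if (s[1] != '\0') n++;   /* a trailing lone '%' is not counted */
        }
        s++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample names, as a server could return them. */
    const char *names[] = { "notes.txt", "100%%_done.txt", "report_%x_%s.txt" };
    char buf[128];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        format_remote_name(buf, sizeof buf, names[i]);
        printf("%-20s directives=%zu -> \"%s\"\n", names[i],
               count_format_directives(names[i]), buf);
    }
    return 0;
}
```

Building client code with -Wformat -Wformat-security makes GCC and Clang warn on the vulnerable pattern shown in the comment.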