Samba 3.2.13 Available for Download

                   ==============================
                   Release Notes for Samba 3.2.13
			   June 23, 2009
                   ==============================


This is a security release in order to address CVE-2009-1886 and CVE-2009-1888.

   o CVE-2009-1886:
     In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
     with file names treat user input as a format string to asprintf.
     With a maliciously crafted file name smbclient can be made
     to execute code triggered by the server.

   o CVE-2009-1888:
     In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
     value can potentially affect access control when "dos filemode"
     is set to "yes".


######################################################################
Changes
#######

Changes since 3.2.12
--------------------


o   Jeremy Allison 
    * Fix for CVE-2009-1886.
    * Fix for CVE-2009-1888.