announcing EOL for Samba 2.2 and updating the security pages from today's releases
author Gerald Carter <jerry@samba.org>
Thu, 22 Jul 2004 15:40:13 +0000 (15:40 +0000)
committer Gerald Carter <jerry@samba.org>
Thu, 22 Jul 2004 15:40:13 +0000 (15:40 +0000)
git-svn-id: file:///home/svn/samba-web/trunk@170 44aeb9d7-1cd8-0310-b257-a505e0beeac2

samba.html
security.html

index 31daa52acfc103ce0efde112fb096cdee38eed0d..63cd67789c0b1a2f810d78724bd67fa380918489 100755 (executable)
@@ -47,6 +47,18 @@ to verify the GPG signature for Samba releases</a>.
 </li>
 </ul>
 
+<ul>
+<li>(22nd Jul, 2004) <em>End of Life for Samba 2.2 Announced</em>
+    <p>October 1, 2004 has been designated as the end-of-life (EOL)
+    for the Samba 2.2 codebase.  Samba 2.2 has been in maintenance
+    mode since the release of v3.0.0 last September.  With this announcement
+    it is being officially announced that there will be no further
+    2.2 releases (including security fixes) following the October 1 deadline.
+    All Samba administrators are encouraged to upgrade aging Samba 2.x servers
+    to Samba v3.0.5.
+</li>
+</ul>
+
 
 <ul>
 <li>(16th Jun, 2004) <em>Welcome new Samba Team member Vance Lankhaar</em>
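Review bot: The <p> opened at "<p>October 1, 2004 has been designated" in the new list item is never closed before the </li>; add </p> after "to Samba v3.0.5." so the item is well-formed. The sentence "With this announcement it is being officially announced" also repeats itself; something like "This announcement confirms that there will be no further 2.2 releases (including security fixes)" keeps the point about security fixes ending and reads more cleanly.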
index 77e579766448a50cddc25c9914223a2b975ae3c3..e0f68dce83d55ea4f5574f9b4df0b8701a3f7dc6 100755 (executable)
@@ -7,9 +7,11 @@ date. The previously affected versions of Samba are listed alongside
 the appropriate security concern. For complete information, follow the
 link to full release notes for each release.</p>
 
+</table>
+
     <table align="center" cellpadding="5" cellspacing="5">
       <th colspan="6">Samba Security Releases</th>
-      <tr align="center">
+      <tr align="center" valign="bottom">
         <td><em>Date Issued</em></td>
        <td><em>Download (Gzipped)</em></td>
        <td><em>Known Issue(s)</em></td>
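Review bot: The added "</table>" sits directly after the closed </p> and immediately before the opening <table align="center" cellpadding="5" cellspacing="5">, and no open table is visible in the context for it to close. If it pairs with a table opened earlier in the file, note that in the commit message; otherwise drop it, since a stray end tag here leaves the page markup unbalanced.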
@@ -17,51 +19,72 @@ link to full release notes for each release.</p>
        <td><em>CVE ID #</em></td>
        <td><em>Complete Release Notes</em></td>
       </tr>
-      <tr align="center">
-        <td>9 February 2004</td>
+      
+      <tr align="center" valign="top">
+        <td>22 Jul 2004</td>
+       <td><a href="/samba/ftp/samba-3.0.5.tar.gz">Samba 3.0.5</a></td>
+       <td align="left">Two potential buffer overruns</td>
+        <td>>=3.0.2</td>
+       <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600">CAN-2004-0600</a>, 
+       <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-06086">CAN-2004-0686</a>
+       </td>
+        <td><a href="/samba/whatsnew/samba-3.0.5.html">release notes</a></td>
+      </tr>
+      
+      <tr align="center" valign="top">
+        <td>22 Jul 2004</td>
+       <td><a href="/samba/ftp/samba-2.2.10.tar.gz">Samba 2.2.10</a></td>
+       <td align="left">Buffer overrun in hash mangling method</td>
+        <td>all 2.2 releases</td>
+       <td><a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-06086">CAN-2004-0686</a>
+       </td>
+        <td><a href="/samba/whatsnew/samba-2.2.10.html">release notes</a></td>
+      </tr>
+      
+      <tr align="center" valign="top">
+        <td>9 Feb 2004</td>
        <td><a href="/samba/ftp/old-versions/samba-3.0.2a.tar.gz">Samba 3.0.2a</a></td>
        <td align="left">Password initialization bug that could grant
-an attacker unauthorized
-access to a user account created by the mksmbpasswd.sh shell script.</td>
-        <td>Previous versions of Samba 3.0</td>
+       an attacker unauthorized
+       access to a user account created by the mksmbpasswd.sh shell script.</td>
+        <td>>=3.0.0</td>
        <td><a
-href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0082">CAN-2004-
-0082</a></td>
+       href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0082">CAN-2004-0082</a></td>
         <td><a href="/samba/whatsnew/samba-3.0.2a.html">release notes</a></td>
       </tr>
-      <tr align="center">
-        <td>7 April 2003</td>
+      
+      <tr align="center" valign="top">
+        <td>7 Apr 2003</td>
        <td><a href="/samba/ftp/old-versions/samba-2.2.8a.tar.gz">Samba 2.2.8a</a></td>
        <td align="left">Buffer overrun condition in the SMB/CIFS packet fragment
-re-assembly code in smbd which would allow an attacker to cause smbd
-to overwrite arbitrary areas of memory in its own process address
-space.  An attacker could inject binary specific exploit code into smbd.</td>
-        <td>All releases from Samba 2.0.x to 2.2.7a inclusive</td>
+       re-assembly code.</td>
+        <td>all 2.0 releases and <= 2.2.8</td>
        <td><a
-href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201">CAN-2003-
-0201</a></td>
-        <td><a href="/samba/whatsnew/samba-2.2.8.html">release notes</a></td>
+       href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201">CAN-2003-0201</a></td>
+        <td><a href="/samba/whatsnew/samba-2.2.8a.html">release notes</a></td>
       </tr>
-      <tr align="center">
-        <td>10 December 2002</td>
+      
+      <tr align="center" valign="top">
+        <td>10 Dec 2002</td>
        <td><a href="/samba/ftp/old-versions/samba-2.2.7a.tar.gz">Samba 2.2.7a</a></td>
        <td align="left">Bug in the length checking for encrypted password change
-requests from clients.  An attacker could potentially send an encrypted
-password, which, when ecrypted with the old hashed password could be used as a
-buffer overrun attack on the stack of smbd.</td>
-        <td>All releases from Samba 2.2.2 to 2.2.6 inclusive</td>
+       requests from clients.</td>
+        <td>2.2.2 - 2.2.6</td>
        <td><a
-href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201">CAN-2003-
-0201</a> & <a
-href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085">CAN-2003-
-0085</a></td>
+       href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201">CAN-2003-0201</a> , <a
+       href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085">CAN-2003-0085</a></td>
         <td><a href="/samba/whatsnew/samba-2.2.7a.html">release notes</a></td>
       </tr>
     </table>
+<br>
     
+<table border=0 width="75%" align="center">
+  <tr><td></td><td align="left">
+
+
     <p><em>If you suspect you have discovered a serious security hole in a
 Samba
 release, please send an email to <a
 href="mailto:security@samba.org">security@samba.org</a>.</em></p>
       
-<!--#include virtual="/samba/footer.html" --> 
\ No newline at end of file
+<!--#include virtual="/samba/footer.html" -->
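Review bot: Both new CAN-2004-0686 links (in the Samba 3.0.5 row and the Samba 2.2.10 row) point at name=CAN-2004-06086, which does not match the link text CAN-2004-0686; correct the href in both rows so readers reach the right advisory. The affected-version cells ">=3.0.2", ">=3.0.0" and "all 2.0 releases and <= 2.2.8" put raw < and > characters into the HTML and should use &gt; and &lt;. The 2.2.8a row changes the stated range from "All releases from Samba 2.0.x to 2.2.7a inclusive" to "<= 2.2.8", and the 2.2.8a and 2.2.7a rows lose their impact descriptions; please confirm the new range is intended and consider keeping one sentence of impact per row so administrators can judge severity from the table. The <table border=0 width="75%" align="center"> opened near the end of the hunk has no closing </td></tr></table> in the visible lines.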