o CVE-2009-1886:
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing
with file names treat user input as a format string to asprintf.
With a maliciously crafted file name, smbclient can be made
to execute code triggered by the server.
o CVE-2009-1888:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data
value can potentially affect access control when "dos filemode"
is set to "yes".
Security: CVE-2009-1886, CVE-2009-1888
In Samba 3.2.9, there is an issue while migrating passdb.tdb files from older
Samba versions (e.g. 3.2.8). That causes panics of smbd child processes until
the parent smbd is restarted once after converting the passdb.tdb file. This
issue is fixed in Samba 3.2.10.
o Correctly detect if the current DC is the closest one.
o Add saf_join_store() function to memorize the DC used at join time.
This avoids problems caused by replication delays shortly after domain
joins.
More bugs introduced^Wfixed!