From: Karolin Seeger Date: Sun, 24 Jul 2011 19:24:27 +0000 (+0200) Subject: WHATSNEW: Update release notes. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf451d4710a073888cd1e30b88c6f03a1f49d19c;p=thirdparty%2Fsamba.git WHATSNEW: Update release notes. Karolin (cherry picked from commit 315437d3d5a503b2d17c8a01f0e2c088febb041a) --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index abb8cd7b6cc..890d0029571 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -41,21 +41,38 @@ Release notes for older versions follow: ============================== Release Notes for Samba 3.4.14 - , 2011 + July 26, 2011 ============================== -This is the latest stable release of Samba 3.4. +This is a security release in order to address +CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and +CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). + + +o CVE-2011-2522: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site request forgery. + -Major enhancements in Samba 3.4.14 include: +o CVE-2011-2694: + The Samba Web Administration Tool (SWAT) in Samba versions + 3.0.x to 3.5.9 are affected by a cross-site scripting + vulnerability. + +Please note that SWAT must be enabled in order for these +vulnerabilities to be exploitable. By default, SWAT +is *not* enabled on a Samba install. -o Changes since 3.4.13 -------------------- -o +o Kai Blin + * BUG 8289: SWAT contains a cross-site scripting vulnerability. + * BUG 8290: CSRF vulnerability in SWAT. + ###################################################################### Reporting bugs & Development Discussion
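Review bot: In the two added CVE entries, the sentence "The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected" has a singular subject, so it should read "is affected"; the same wording appears under both CVE-2011-2522 and CVE-2011-2694. The affected range is also given only as "3.0.x to 3.5.9", which is expressed in terms of the 3.5 series; since these are the 3.4.14 notes, consider stating explicitly which 3.4.x releases are affected so a reader on the 3.4 branch does not have to infer it from the "Changes since 3.4.13" heading. The added paragraph noting that SWAT is *not* enabled by default would help administrators more if it said how to tell whether SWAT is enabled on an install, or pointed to the advisory for that, because as written the notes give no way to assess exposure before upgrading.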