oss-security - Re: Samba security releases for CVE-2025-10230 and CVE-2025-9640

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <50bcfbdc-b717-4308-83a2-1937bd361631@gmail.com>
Date: Thu, 16 Oct 2025 14:37:43 -0400
From: Demi Marie Obenour <demiobenour@...il.com>
To: oss-security@...ts.openwall.com,
 Douglas Bagnall <douglas.bagnall@...alyst.net.nz>
Subject: Re: Samba security releases for CVE-2025-10230 and
 CVE-2025-9640

On 10/15/25 22:18, Douglas Bagnall wrote:
> Anyway, the summary is the Samba 3/4 history has left us with
> unmaintained pockets within our codebase that we ignore because we
> assume nobody is using them, but which we don't delete because maybe
> somebody is using them. There may not be very many more.

Would it make sense to announce that they are deprecated, and then
remove them in the next release?

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Download attachment "OpenPGP_0xB288B55FFF9C22C1.asc" of type "application/pgp-keys" (7141 bytes)

Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (834 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.