                   =============================
                   Release Notes for Samba 3.2.7
			 January 05, 2009
                   =============================


This is a security release in order to address CVE-2009-0022.

   o CVE-2009-0022
     In Samba 3.2.0 to 3.2.6, in setups with registry shares enabled,
     access to the root filesystem ("/") is granted
     when connecting to a share called "" (empty string)
     using old versions of smbclient (before 3.0.28).

The original security announcement for this and past advisories can
be found http://www.samba.org/samba/security/


######################################################################
Changes
#######

Changes since 3.2.6
-------------------


o   Michael Adam <obnox@samba.org>
    * Fix for CVE-2009-0022.


######################################################################
Reporting bugs & Development Discussion
#######################################

Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical IRC channel on irc.freenode.net.

If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored.  All bug reports should
be filed under the Samba 3.2 product in the project's Bugzilla
database (https://bugzilla.samba.org/).


======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================

