diff -Nru samba-4.4.5+dfsg/debian/changelog samba-4.4.5+dfsg/debian/changelog
--- samba-4.4.5+dfsg/debian/changelog	2017-03-16 13:04:08.000000000 +0000
+++ samba-4.4.5+dfsg/debian/changelog	2017-03-20 14:47:39.000000000 +0000
@@ -1,11 +1,11 @@
-samba (2:4.4.5+dfsg-2ubuntu5.3) yakkety-security; urgency=medium
+samba (2:4.4.5+dfsg-2ubuntu5.4) yakkety-security; urgency=medium
 
   * SECURITY UPDATE: Symlink race allows access outside share definition
     - debian/patches/CVE-2017-2619/*.patch: backport security fix and
       prerequisite patches from upstream.
     - CVE-2017-2619
 
- -- Marc Deslauriers Thu, 16 Mar 2017 09:04:08 -0400
+ -- Marc Deslauriers Mon, 20 Mar 2017 10:47:39 -0400
 
 samba (2:4.4.5+dfsg-2ubuntu5.2) yakkety-security; urgency=medium
 
diff -Nru samba-4.4.5+dfsg/debian/patches/CVE-2017-2619/CVE-2017-2619-12.patch samba-4.4.5+dfsg/debian/patches/CVE-2017-2619/CVE-2017-2619-12.patch
--- samba-4.4.5+dfsg/debian/patches/CVE-2017-2619/CVE-2017-2619-12.patch	1970-01-01 00:00:00.000000000 +0000
+++ samba-4.4.5+dfsg/debian/patches/CVE-2017-2619/CVE-2017-2619-12.patch	2017-03-20 14:47:07.000000000 +0000
@@ -0,0 +1,56 @@
+From 5203536696b3d813d6b4005958d137683972e58c Mon Sep 17 00:00:00 2001
+From: Ralph Boehme
+Date: Sun, 19 Mar 2017 15:58:17 +0100
+Subject: [PATCH 1/2] CVE-2017-2619: s3/smbd: re-open directory after
+ dptr_CloseDir()
+
+dptr_CloseDir() will close and invalidate the fsp's file descriptor, we
+have to reopen it.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
+
+Signed-off-by: Ralph Boehme
+Reviewed-by: Uri Simchoni
+---
+ source3/smbd/smb2_query_directory.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/source3/smbd/smb2_query_directory.c b/source3/smbd/smb2_query_directory.c
+index e18a279..2af029b 100644
+--- a/source3/smbd/smb2_query_directory.c
++++ b/source3/smbd/smb2_query_directory.c
+@@ -24,6 +24,7 @@
+ #include "../libcli/smb/smb_common.h"
+ #include "trans2.h"
+ #include "../lib/util/tevent_ntstatus.h"
++#include "system/filesys.h"
+ 
+ static struct tevent_req *smbd_smb2_query_directory_send(TALLOC_CTX *mem_ctx,
+ 							struct tevent_context *ev,
+@@ -322,7 +323,23 @@ static struct tevent_req *smbd_smb2_query_directory_send(TALLOC_CTX *mem_ctx,
+ 	}
+ 
+ 	if (in_flags & SMB2_CONTINUE_FLAG_REOPEN) {
++		int flags;
++
+ 		dptr_CloseDir(fsp);
++
++		/*
++		 * dptr_CloseDir() will close and invalidate the fsp's file
++		 * descriptor, we have to reopen it.
++		 */
++
++		flags = O_RDONLY;
++#ifdef O_DIRECTORY
++		flags |= O_DIRECTORY;
++#endif
++		status = fd_open(conn, fsp, flags, 0);
++		if (tevent_req_nterror(req, status)) {
++			return tevent_req_post(req, ev);
++		}
+ 	}
+ 
+ 	if (!smbreq->posix_pathnames) {
+-- 
+2.9.3
+
diff -Nru samba-4.4.5+dfsg/debian/patches/CVE-2017-2619/CVE-2017-2619-13.patch samba-4.4.5+dfsg/debian/patches/CVE-2017-2619/CVE-2017-2619-13.patch
--- samba-4.4.5+dfsg/debian/patches/CVE-2017-2619/CVE-2017-2619-13.patch	1970-01-01 00:00:00.000000000 +0000
+++ samba-4.4.5+dfsg/debian/patches/CVE-2017-2619/CVE-2017-2619-13.patch	2017-03-20 14:47:32.000000000 +0000
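Review bot: After the re-open in the `SMB2_CONTINUE_FLAG_REOPEN` branch nothing verifies that the descriptor `fd_open()` produced still refers to a directory when `O_DIRECTORY` is not defined; the `#ifdef` makes that guarantee platform-dependent, so on such builds the branch degrades to a plain `O_RDONLY` open of whatever the path now resolves to. A defensive follow-up would fstat the reopened handle (`SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st)`) and fail with `NT_STATUS_NOT_A_DIRECTORY` when `S_ISDIR()` is false, or at least record the dependency next to the `#ifdef`: `/* Without O_DIRECTORY nothing below confirms the reopened fd is still a directory */`. The enclosing smbd_smb2_query_directory_send() starts before and ends after the hunk, and the declaration of `status` is outside it too, so it is assumed to be the function's existing NTSTATUS local.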
@@ -0,0 +1,62 @@
+From 3cc5241fae9669a41fc0b538e96d901f467d0b0b Mon Sep 17 00:00:00 2001
+From: Ralph Boehme
+Date: Sun, 19 Mar 2017 18:52:10 +0100
+Subject: [PATCH 2/2] CVE-2017-2619: s4/torture: add SMB2_FIND tests with
+ SMB2_CONTINUE_FLAG_REOPEN flag
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496
+
+Signed-off-by: Ralph Boehme
+Reviewed-by: Uri Simchoni
+---
+ source4/torture/smb2/dir.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+Index: samba-4.4.5+dfsg/source4/torture/smb2/dir.c
+===================================================================
+--- samba-4.4.5+dfsg.orig/source4/torture/smb2/dir.c	2017-03-20 10:47:29.115932651 -0400
++++ samba-4.4.5+dfsg/source4/torture/smb2/dir.c	2017-03-20 10:47:29.111932604 -0400
+@@ -674,7 +674,7 @@
+ 	return true;
+ }
+ 
+-enum continue_type {CONT_SINGLE, CONT_INDEX, CONT_RESTART};
++enum continue_type {CONT_SINGLE, CONT_INDEX, CONT_RESTART, CONT_REOPEN};
+ 
+ static NTSTATUS multiple_smb2_search(struct smb2_tree *tree,
+ 				     TALLOC_CTX *tctx,
+@@ -700,6 +700,9 @@
+ 
+ 	/* The search should start from the beginning everytime */
+ 	f.in.continue_flags = SMB2_CONTINUE_FLAG_RESTART;
++	if (cont_type == CONT_REOPEN) {
++		f.in.continue_flags = SMB2_CONTINUE_FLAG_REOPEN;
++	}
+ 
+ 	do {
+ 		status = smb2_find_level(tree, tree, &f, &count, &d);
+@@ -803,18 +806,23 @@
+ 		{"SMB2_FIND_BOTH_DIRECTORY_INFO", "SINGLE", SMB2_FIND_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO, CONT_SINGLE},
+ 		{"SMB2_FIND_BOTH_DIRECTORY_INFO", "INDEX", SMB2_FIND_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO, CONT_INDEX},
+ 		{"SMB2_FIND_BOTH_DIRECTORY_INFO", "RESTART", SMB2_FIND_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO, CONT_RESTART},
++		{"SMB2_FIND_BOTH_DIRECTORY_INFO", "REOPEN", SMB2_FIND_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_BOTH_DIRECTORY_INFO, CONT_REOPEN},
+ 		{"SMB2_FIND_DIRECTORY_INFO", "SINGLE", SMB2_FIND_DIRECTORY_INFO, RAW_SEARCH_DATA_DIRECTORY_INFO, CONT_SINGLE},
+ 		{"SMB2_FIND_DIRECTORY_INFO", "INDEX", SMB2_FIND_DIRECTORY_INFO, RAW_SEARCH_DATA_DIRECTORY_INFO, CONT_INDEX},
+ 		{"SMB2_FIND_DIRECTORY_INFO", "RESTART", SMB2_FIND_DIRECTORY_INFO, RAW_SEARCH_DATA_DIRECTORY_INFO, CONT_RESTART},
++		{"SMB2_FIND_DIRECTORY_INFO", "REOPEN", SMB2_FIND_DIRECTORY_INFO, RAW_SEARCH_DATA_DIRECTORY_INFO, CONT_REOPEN},
+ 		{"SMB2_FIND_FULL_DIRECTORY_INFO", "SINGLE", SMB2_FIND_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_FULL_DIRECTORY_INFO, CONT_SINGLE},
+ 		{"SMB2_FIND_FULL_DIRECTORY_INFO", "INDEX", SMB2_FIND_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_FULL_DIRECTORY_INFO, CONT_INDEX},
+ 		{"SMB2_FIND_FULL_DIRECTORY_INFO", "RESTART", SMB2_FIND_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_FULL_DIRECTORY_INFO, CONT_RESTART},
++		{"SMB2_FIND_FULL_DIRECTORY_INFO", "REOPEN", SMB2_FIND_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_FULL_DIRECTORY_INFO, CONT_REOPEN},
+ 		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "SINGLE", SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_SINGLE},
+ 		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "INDEX", SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_INDEX},
+ 		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "RESTART", SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_RESTART},
++		{"SMB2_FIND_ID_FULL_DIRECTORY_INFO", "REOPEN", SMB2_FIND_ID_FULL_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_FULL_DIRECTORY_INFO, CONT_REOPEN},
+ 		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "SINGLE", SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_SINGLE},
+ 		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "INDEX", SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_INDEX},
+-		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "RESTART", SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_RESTART}
++		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "RESTART", SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_RESTART},
++		{"SMB2_FIND_ID_BOTH_DIRECTORY_INFO", "REOPEN", SMB2_FIND_ID_BOTH_DIRECTORY_INFO, RAW_SEARCH_DATA_ID_BOTH_DIRECTORY_INFO, CONT_REOPEN},
+ 	};
+ 
+ 	smb2_deltree(tree, DNAME);
diff -Nru samba-4.4.5+dfsg/debian/patches/series samba-4.4.5+dfsg/debian/patches/series
--- samba-4.4.5+dfsg/debian/patches/series	2017-03-16 13:04:00.000000000 +0000
+++ samba-4.4.5+dfsg/debian/patches/series	2017-03-20 14:47:25.000000000 +0000
@@ -60,3 +60,5 @@
 CVE-2017-2619/CVE-2017-2619-9.patch
 CVE-2017-2619/CVE-2017-2619-10.patch
 CVE-2017-2619/CVE-2017-2619-11.patch
+CVE-2017-2619/CVE-2017-2619-12.patch
+CVE-2017-2619/CVE-2017-2619-13.patch
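Review bot: The comment `/* The search should start from the beginning everytime */` above the new `CONT_REOPEN` branch no longer describes that branch, which replaces `SMB2_CONTINUE_FLAG_RESTART` rather than combining with it, so the test presumably relies on REOPEN implying a restart and that assumption should be written down. Suggested comment for the branch: `/* REOPEN makes the server close and re-open the directory handle; the enumeration is expected to restart as well (CVE-2017-2619 regression test) */`. The `do { ... } while` body and the rest of multiple_smb2_search() lie outside the hunk, so whether the per-iteration result is compared against a baseline is not visible here. As a style point, an unconditional assignment immediately overridden reads better as one expression: `f.in.continue_flags = (cont_type == CONT_REOPEN) ? SMB2_CONTINUE_FLAG_REOPEN : SMB2_CONTINUE_FLAG_RESTART;`.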