Hello, Samba 3.3 series is affected by CVE 2009-1888: In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes". So, the 3.3.4 versiont hat's in backports.org is affected too. I have a ready upload of the backport of 3.3.6 packages which I uploaded in unstable. From what I understand of bpo policy wrt security updates, it would be OK for me to upload it. Is that correct?