On Sat, Jan 25, 2014 at 12:04:37PM +1300, Andrew Bartlett wrote: > I've checked, and this issue does not apply to samba4, because the > 'samba4' winbind does not implement this feature at all. That is, the > problem directive is ignored in all cases. (This is still fail-open, > but in this case consistently open). > > https://security-tracker.debian.org/tracker/CVE-2012-6150 Thanks, I've updated the Debian Security Tracker. Cheers, Moritz