In fact, smb support is unnecessary, because you should be using smbnetfs, but for the rare cases when it is indeed handy, one should link dynamically against the latest current Samba library.
The problem is that nobody has time or/and is interested to provide a patch for this. If you do I will take care of bringing it to upstreams attention.
Basically all the CVE's that apply to Samba 2.0.4a:
http:// www.samba. org/samba/ history/ security. html
What in fact triggered the takedown of the smb support is a couple of other bugs (like nslookups floods) which are not going to be fixed:
http:// bugs.debian. org/cgi- bin/bugreport. cgi?bug= 451964
In fact, smb support is unnecessary, because you should be using smbnetfs, but for the rare cases when it is indeed handy, one should link dynamically against the latest current Samba library.
The problem is that nobody has time or/and is interested to provide a patch for this. If you do I will take care of bringing it to upstreams attention.