Comment 1 for bug 1956635

Kellen Renshaw (krenshaw) wrote :

Received this explanation:
CVE-2020-25717 is about samba performing a fallback from "DOMAIN\account" to
simply "account" and ignoring the domain part. This would allow users to take
advantage of the fallback to escalate privileges.

The only way to fix the issue is to remove the fallback, hence winbind is now
required after the security update is applied. While this was a soft requirement
in 4.8 and later versions, fixing the security issue changed it to a hard
requirement as the fallback is no longer available. While the soft requirement
was introduced in 4.8, if we wanted to fix the security issue in 4.7 in Bionic, we
unfortunately had to require winbind also.
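A toy model of the mapping behaviour the comment describes, added here as an illustration; it is not Samba code and not part of the original bug report. The account tables, domain name "CORP", the attacker-controlled domain "EVIL" and the function names are constructed for the example. The point it shows: with the fallback enabled, a name in a domain winbind cannot resolve is quietly retried as a bare local account, so an attacker who controls an account called "root" in some other domain ends up mapped to local uid 0; with the fallback removed, every "DOMAIN\account" name must resolve through winbind or the login fails, which is why winbind becomes a hard requirement.

```python
"""Toy model of the CVE-2020-25717 "DOMAIN\\account" -> "account" fallback.

Constructed example, not Samba's real mapping code (Samba consults
username map, winbind and getpwnam in a more involved order).
"""

# Constructed local /etc/passwd-style table: name -> uid.
LOCAL_ACCOUNTS = {"root": 0, "backup": 34, "alice": 1000}

# Constructed winbind view: joined/trusted domain -> {user -> uid}.
WINBIND_USERS = {"CORP": {"alice": 10001, "bob": 10002}}


def split_name(name):
    """Split 'DOMAIN\\account' into (DOMAIN, account); bare names give (None, name)."""
    if "\\" in name:
        dom, _, acct = name.partition("\\")
        return dom.upper(), acct
    return None, name


def winbind_lookup(name, winbind):
    """Resolve a qualified name through the (simulated) winbind tables."""
    dom, acct = split_name(name)
    if dom is None:
        return None
    return winbind.get(dom, {}).get(acct)


def map_to_local(name, fallback, winbind=WINBIND_USERS):
    """Map an incoming account name to a local uid, or None to reject the login.

    fallback=True models the pre-fix behaviour: if winbind cannot resolve
    'DOMAIN\\account', the domain part is dropped and 'account' is looked up
    as a plain local user. fallback=False models the fixed behaviour.
    """
    uid = winbind_lookup(name, winbind)
    if uid is not None:
        return uid
    dom, acct = split_name(name)
    if dom is None:
        # Unqualified names were always plain local lookups.
        return LOCAL_ACCOUNTS.get(acct)
    if fallback:
        # Vulnerable path: the domain qualifier is ignored entirely, so
        # 'EVIL\\root' becomes local 'root'.
        return LOCAL_ACCOUNTS.get(acct)
    # Fixed path: a qualified name that winbind does not know is rejected.
    return None


if __name__ == "__main__":
    for name in ("CORP\\alice", "EVIL\\root", "alice"):
        print(f"{name:12} fallback={map_to_local(name, True)!s:6} "
              f"fixed={map_to_local(name, False)}")
    # Without winbind at all, the fixed code can map no domain user:
    print("CORP\\alice, no winbind, fixed:", map_to_local("CORP\\alice", False, winbind={}))
```

Running it shows "EVIL\root" mapping to uid 0 only while the fallback exists, and shows that once the fallback is gone a domain member with no running winbind cannot map even legitimate domain users, which is the operational consequence the comment warns about.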