Here's the latest -Current changelog:
Fri Jun 26 22:06:58 CDT 2009
This upgrade fixes the following security issues:
In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes".
In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf.
With a maliciously crafted file name smbclient can be made to execute code triggered by the server.
For more information, see:
(* Security fix *)
Fixed missing praliases. Thanks to Mark Post.