https://security-tracker.debian.org/tracker/CVE-2017-11103
Back when samba4 (which has been eviscerated to a client) was a package, it linked against the system heimdal. You can see this because it depends on heimdal. https://packages.debian.org/wheezy/libsamba-credentials0 Additionally, the link the heimdal code has always been dynamic, not static, it just changed from dynamic to the system libs to dynamic to the vendored lib embedded in our tree with the Samba 4.2 packages. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
