Package: samba Version: 2:4.1.17+dfsg-2+deb8u2
Severity: grave Tags: security,fixed-upstream,wheezy,jessie,sid,experimental (Severity listed as grave as the scope of the security issue is not yet public; it may be critical, and a lesser vulnerability level was not enumerated that reflects a potentially serious security issue.) The security vulnerability mentioned on samba.org (https://www.samba.org/samba/latest_news.html ) (links to http://badlock.org/ ) will only be released for Samba versions in the 4.2 and higher releases; as Debian Stable (Jessie) presently has a 4.1.x release it will not receive this patch. The severity and impact of not releasing an updated upstream version is unknown, and I am quite worried that there isn't a backports version of the Samba packages to use a version that should (easily) have the security patch included.
