Usually the material at the Novell CVE site detail all affected releases. In this case they make no mention of SLES 9 OR SLES 10 for this issue, where we know that 3.0.36 releases of Samba are affected.
In this case there is no evidence to support whether SLES 9 OR 10 is or is not affected. Without documentation I cannot provide definitive evidence to our security group. I can open a case with Novell but was wondering if anyone has run into similar situations?