Bug#527952: system-tools-backends: CVE-2008-6792
Jan Christoph Nordholz
hesso at pool.math.tu-berlin.de
Sat May 9 17:11:45 UTC 2009
Hi,
while you're at it, there is another bug in that small perl
function: do_get_use_md5() recurses when it encounters an
'@include' line and overwrites its $use_md5 variable with
the result. Therefore the following /etc/pam.d/passwd would
make the function return 0:
required pam_unix.so md5
@include empty_file
Regards,
Jan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20090509/afef41e7/attachment.pgp>
More information about the pkg-gnome-maintainers
mailing list