[Pkg-shadow-devel] Dealing with #142070 : chpasswd uses DES even when system is configured for MD5 passwords
Christian Perrier
bubulle@debian.org
Wed, 6 Apr 2005 06:42:37 +0200
reopen 142070
tags 142070 woody
thanks
Quoting Nicolas Fran=E7ois (nicolas.francois@centraliens.net):
> One question regarding #142070 (or #283961, etc.) and the last answer f=
rom
> Tim Warnock. As this bug was tagged security, should we prepare a new
> package for stable proposed update? Should we inform
> team@security.debian.org, as asked by Matt Zimmerman (#283961)?
>=20
> I'm asking this because I've seen 3.0r5 is under preparation:
> http://lists.debian.org/debian-devel-announce/2005/04/msg00002.html
> I wonder if #283961 meet the first requirement (fixes a security proble=
m,
> but no advisory).
That's not untrue..:-)
I forgot this was tagged "security". Indeed, this problem is subject
to interpretation=A0: tagging it "security" is a little overflated,
IMHO. But, well, let's take this the hard way....so reopening the bug,
tagging it, inform security@debian.org....
May someone in the team try to apply the fix we applied to #283961 on
woody's shadow? This is 010_chpasswd-md5.dpatch in the sid branch. For
people not involved in the shadow maintenance team, I send it to
#142070 separately.