Bug#307259: [Pkg-shadow-devel] Bug#307259: Patch

Nicolas François Nicolas François <nicolas.francois@centraliens.net>, 307259@bugs.debian.org
Wed, 18 May 2005 00:24:13 +0200


Hi!

On Thu, May 05, 2005 at 09:44:41AM +0200, Christian Perrier wrote:
> Quoting Moritz Mühlenhoff (muehlenhoff@univention.de):
> > Hi,
> > attached you can find the relevant patch hunk from upstream's
> > 4.0.7->4.0.8 patch. The practical security impact is very small, thou=
gh.
> 
> 
> Thanks, Moritz, for isolating the upstream patch....
> 
> Security Team, what is suggestion about this bug? As said, the
> security impact is very small, but you may still want us to upload a
> fix for testing (I'm not sure about woody update...it's in your
> hands).

I had a look at the patch yesterday, and it applies to the create_mail
function of useradd.c, which was introduced after 4.0.3.

It seems to me that our outdated shadow does not have this bug.
I will close this bug before the end of the week, but would like other
eyes on it.

I checked other appearance of O_CREAT in the trunk and sarge branch, and
it seems OK to me.

Thanks anyway Moritz, it pointed me to the upstream changelog and to this
kind of issues.

Best Regards,
-- 
Nekral