[Pkg-shadow-devel] CAN-2004-1001 in sid and sarge
Christian Perrier
bubulle@debian.org
Wed, 18 May 2005 07:34:06 +0200
Quoting Nicolas Fran=E7ois (nicolas.francois@centraliens.net):
> Hi!
>=20
> While looking at the upstream changelog, I've read that Martin Schulze
> reported a security bug some times ago (CAN-2004-1001).
> It was fixed for Woody by debian/patches/036_CAN-2004-1001_passwd_check=
.diff,
> but I don't think this patch is applied in the sid package.
>=20
> I'm also not sure this patch is applied to the Sarge package (even if
> present in the source package).
You mean this=A0?
shadow (1:4.0.3-30.3) unstable; urgency=3Dhigh
* Non-maintainer upload: security fix using the woody patch
by the Security Team
* Adjusted password check to fix authentication bypass
[debian/patches/036_CAN-2004-1001_passwd_check]
* Debconf translations
- Brazilian Portuguese updated. Closes: #278051
- Norwegian Bokmal fixed. Closes: #277563
* Programs translations
- Indonesian updated. Closes: #277751, #277741
-- Christian Perrier <bubulle@debian.org> Tue, 2 Nov 2004 22:28:26 +01=
00
OH CRAP....It seems it jumped out from the sources, EVEN IN SARGE.
The file is here in debian/patches in the source file...but
unapplied.:-(