[Pkg-shadow-devel] Bug#309587: shadow: CAN-2004-1001 still in sarge
   
Christian Perrier
Christian Perrier <bubulle@debian.org>, 309587@bugs.debian.org
Wed, 18 May 2005 07:44:37 +0200

Package: shadow
Severity: normal
Tags: security sarge sid

It appears that, for some mysterious reason, the patch we applied in
4.0.3-30.3 for shadow is currently NOT applied in 4.0.3-31sarge4.

As a consequence, the version of shadow in sarge IS affected and I hereby
tag this bug as release critical.

I'm preparing an urgent upload to t-p-u to fix this. The next upload to the
unstable branch will also fix shadow there.

Martin and security team people, CAN-2004-1001 stated that sid (and now
sarge) are fixed, which they were back in November 2004.

I'm very probably responsible for the mistake at some moment in the
complicated life of the shadow package these months. Please receive my
apologies for the possible extra work if a security announcement is to be
issued.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)