Bug#307259: [Pkg-shadow-devel] Bug#309587: shadow: CAN-2004-1001 still in sarge
Martin Quinson
Martin Quinson <martin.quinson@loria.fr>, 307259@bugs.debian.org
Wed, 18 May 2005 09:08:43 +0200
--MW5yreqqjyrRcusr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, May 18, 2005 at 07:44:37AM +0200, Christian Perrier wrote:
> Package: shadow
> Severity: normal
> Tags: security sarge sid
>=20
> It appears that, for some mysterious reason, the patch we applied in
> 4.0.3-30.3 for shadow is currently NOT applied in 4.0.3-31sarge4.
>=20
> As a consequence, the version of shadow in sarge IS affected and I hereby
> tag this bug as release critical.
>=20
> I'm preparing an urgent upload to t-p-u to fix this. The next upload to t=
he
> unstable branch will also fix shadow there
>=20
> Martin and security team people, CAN-2004-1001 stated that sid (and now
> sarge) are fixed, which they were back in November 2004.
>=20
> I'm very probably responsible for the mistake at some moment in the
> complicated life of the shadow package these months. Please receive my
> apologies for the possible extra work if a security announcement is to be
> issued.
If you could add the fix for #307259 in the same upload, it'd be nice, I
think, even if its gravity is probably overflated.
Bye, Mt.
--MW5yreqqjyrRcusr
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCiun7IiC/MeFF8zQRAmDOAJ9Xbwmb68NzO1lSuBqD+sMrxuB51ACfVazl
l2G6oVbOIlRgY/Fy7PkLVmM=
=MNWM
-----END PGP SIGNATURE-----
--MW5yreqqjyrRcusr--