[Pkg-shadow-devel] Re: Security fix for shadow in sarge

Martin Schulze joey at infodrom.org
Fri Jun 30 03:12:24 UTC 2006

Christian Perrier wrote:
> Back in March, after a password leaking problem was discovered first
> in Ubuntu then in sarge default installs under certain conditions, a
> fix for the shadow package has been sent to you. This fix needed to be
> coordinated with a base-config fix which has been recently processed
> for r3 inclusion.
> We (shadow team) did NOT upload a fixed version of shadow anywhere.

There's an updated shadow package in the security queue, and I
remember asking for help with this issue, but didn't get a response.

> We would like to know now whether we need to do something or if the
> case is safely in your hands.

No, it's not safe.  I'm also totally out of the issue at the moment
and don't remember any details.

> A fixed version of the package is quietly waiting on my HD if needed.

The same as attached or a different one?



Those who don't understand Unix are condemned to reinvent it, poorly.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shadow_4.0.3-31sarge6.diff.gz
Type: application/octet-stream
Size: 1320083 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20060630/c755b78b/shadow_4.0.3-31sarge6.diff-0001.obj

More information about the Pkg-shadow-devel mailing list