[Pkg-shadow-devel] Pre-approval for shadow 1:4.1.1-6
Florian Weimer
fw at deneb.enyo.de
Sat Nov 15 00:43:30 UTC 2008
* Nicolas François:
> Release Managers, Security Team:
> Do you want 505071 to be fixed also for Lenny?
Do you mean "etch" instead of "lenny"?
We'd probably release a DSA once there's a patch which has some track
record, but as far as I can tell, the issue has not been fully
analyzed yet. You guard against a symlink attack, but you don't seem
to ensure that the TTY name retrieved from the utmp file is correct in
the first place.
More information about the Pkg-shadow-devel
mailing list