[Pkg-shadow-devel] shadow 4.1.2.2 released - security bug fix

Nicolas François nicolas.francois at centraliens.net
Sun Nov 23 01:25:50 UTC 2008


Hello,

I've released shadow 4.1.2.2 to fix two security bugs for login.

Debian and derivatives are affected.
Fedora is not affected (the login used by Fedora comes from
util-linux-ng).
Gentoo is probably affected.

You can find the 4.1.2.2 archive in:
ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.2.2.tar.bz2
ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.2.2.tar.bz2.sig

Here is the comprehensive changelog for this release:

shadow-4.1.2.1 -> shadow-4.1.2.2				23-11-2008

*** security
- Fix a race condition in login that could lead to gaining ownership or
  changing mode of arbitrary files.
- Fix a possible login DOS, which could be caused by injecting forged 
  entries in utmp.

Best Regards,
-- 
Nekral


