[Pkg-shadow-devel] Bug#914957: Bug#914957: login: removal of pts/* from /etc/securetty wasn't applied in stretch

Bálint Réczey balint at balintreczey.hu
Sat Dec 8 20:57:11 GMT 2018


Control: block -1 by 877374

Hi,

Salvatore Bonaccorso <carnil at debian.org> ezt írta (időpont: 2018. nov.
29., Cs, 6:11):
>
> Control: fixed -1 1:4.5-1
>
> Hi,
>
> [disclaimer: not the maintainer here]
>
> On Thu, Nov 29, 2018 at 02:15:18PM +1100, russm wrote:
> > Package: login
> > Version: 1:4.4-4.1
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > The addition of pts/* to /etc/securetty was reverted in 1:4.5-1 but
> > *not* in packages installed to stretch. Please backport this fix to
> > 1:4.4-*
>
> The stretch update part of this is requested here:
> https://bugs.debian.org/877374

While I believe securetty should be disabled by default and nullok is
a bad practice I offered the backport in #877374 and this is the most
I can do as the maintainer.

Cheers,
Balint



More information about the Pkg-shadow-devel mailing list