r22660 - in /desktop/lenny/system-tools-backends/debian: changelog patches/08_use_md5.patch patches/series
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Mon Dec 21 19:40:34 UTC 2009
Author: joss
Date: Mon Dec 21 19:40:33 2009
New Revision: 22660
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=22660
Log:
* NMU.
* Fix CVE-2008-6792 "limiting effective password length to 8 characters"
and another related bug in do_get_use_md5(). Closes: #527952.
Added:
desktop/lenny/system-tools-backends/debian/patches/08_use_md5.patch
Modified:
desktop/lenny/system-tools-backends/debian/changelog
desktop/lenny/system-tools-backends/debian/patches/series
Modified: desktop/lenny/system-tools-backends/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/system-tools-backends/debian/changelog?rev=22660&op=diff
==============================================================================
--- desktop/lenny/system-tools-backends/debian/changelog [utf-8] (original)
+++ desktop/lenny/system-tools-backends/debian/changelog [utf-8] Mon Dec 21 19:40:33 2009
@@ -1,3 +1,11 @@
+system-tools-backends (2.6.0-2lenny3) stable; urgency=high
+
+ * NMU.
+ * Fix CVE-2008-6792 "limiting effective password length to 8 characters"
+ and another related bug in do_get_use_md5(). Closes: #527952.
+
+ -- Jan Christoph Nordholz <hesso at pool.math.tu-berlin.de> Mon, 18 May 2009 21:29:21 +0200
+
system-tools-backends (2.6.0-2lenny2) stable; urgency=low
* 01_debian_4.0.patch: completely remove all the brain-dead version
Added: desktop/lenny/system-tools-backends/debian/patches/08_use_md5.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/system-tools-backends/debian/patches/08_use_md5.patch?rev=22660&op=file
==============================================================================
--- desktop/lenny/system-tools-backends/debian/patches/08_use_md5.patch (added)
+++ desktop/lenny/system-tools-backends/debian/patches/08_use_md5.patch [utf-8] Mon Dec 21 19:40:33 2009
@@ -1,0 +1,23 @@
+Add fix for CVE 2008-6792 and another related bug in do_get_use_md5().
+
+ -- James Westby <james.westby at canonical.com>
+ -- Jan Christoph Nordholz <hesso at pool.math.tu-berlin.de>
+
+--- system-tools-backends-2.6.0.orig/Users/Users.pm 2008-03-09 13:21:45.000000000 +0000
++++ system-tools-backends-2.6.0/Users/Users.pm 2009-05-18 15:41:15.246049271 +0000
+@@ -286,13 +286,14 @@
+
+ if ($line[0] eq "\@include")
+ {
+- $use_md5 = &do_get_use_md5 ($line[1]);
++ $use_md5 |= &do_get_use_md5 ($line[1]);
+ }
+ elsif ($line[0] eq "password")
+ {
+ foreach $i (@line)
+ {
+ $use_md5 = 1 if ($i eq "md5");
++ $use_md5 = 1 if ($i =~ /^sha\d+/);
+ }
+ }
+ }
Modified: desktop/lenny/system-tools-backends/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/lenny/system-tools-backends/debian/patches/series?rev=22660&op=diff
==============================================================================
--- desktop/lenny/system-tools-backends/debian/patches/series [utf-8] (original)
+++ desktop/lenny/system-tools-backends/debian/patches/series [utf-8] Mon Dec 21 19:40:33 2009
@@ -4,4 +4,5 @@
04_correct_perl_command.patch
05_cve_2008_4311.patch
07_dont_symlink_localtime.patch
+08_use_md5.patch
60_fix-permissions-of-pid-file.patch
More information about the pkg-gnome-commits
mailing list