[Pkg-shadow-devel] Re: Security fix for shadow in sarge
Martin Schulze
joey at infodrom.org
Fri Jun 30 03:12:24 UTC 2006
Christian Perrier wrote:
> Back in March, after a password leaking problem was discovered first
> in Ubuntu then in sarge default installs under certain conditions, a
> fix for the shadow package has been sent to you. This fix needed to be
> coordinated with a base-config fix which has been recently processed
> for r3 inclusion.
>
> We (shadow team) did NOT upload a fixed version of shadow anywhere.
There's an updated shadow package in the security queue, and I
remember asking for help with this issue, but didn't get a response.
> We would like to know now whether we need to do something or if the
> case is safely in your hands.
No, it's not safe. I'm also totally out of the issue at the moment
and don't remember any details.
> A fixed version of the package is quietly waiting on my HD if needed.
The same as attached or a different one?
Regards,
Joey
--
Those who don't understand Unix are condemned to reinvent it, poorly.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shadow_4.0.3-31sarge6.diff.gz
Type: application/octet-stream
Size: 1320083 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20060630/c755b78b/shadow_4.0.3-31sarge6.diff-0001.obj
More information about the Pkg-shadow-devel
mailing list