On Wed, May 18, 2005 at 07:44:37AM +0200, Christian Perrier wrote: > Package: shadow > Severity: normal > Tags: security sarge sid > > It appears that, for some mysterious reason, the patch we applied in > 4.0.3-30.3 for shadow is currently NOT applied in 4.0.3-31sarge4. > > As a consequence, the version of shadow in sarge IS affected and I hereby > tag this bug as release critical. > > I'm preparing an urgent upload to t-p-u to fix this. The next upload to the > unstable branch will also fix shadow there > > Martin and security team people, CAN-2004-1001 stated that sid (and now > sarge) are fixed, which they were back in November 2004. > > I'm very probably responsible for the mistake at some moment in the > complicated life of the shadow package these months. Please receive my > apologies for the possible extra work if a security announcement is to be > issued.
If you could add the fix for #307259 in the same upload, it'd be nice, I think, even if its gravity is probably overflated. Bye, Mt.
signature.asc
Description: Digital signature