On Mon, Dec 08, 2008 at 11:22:34AM +0100, Nicolas François wrote:
> On Mon, Dec 08, 2008 at 09:37:42AM +1100, [EMAIL PROTECTED] wrote:
> > > The bug should affect ubuntu and probably gentoo (4.1.2.2 already
> > > packaged). Not RedHat / Mandrake.
> >
> > A quick peek into shadow-utils-4.1.2-8.fc10
On Mon, Dec 08, 2008 at 09:37:42AM +1100, [EMAIL PROTECTED] wrote:
> > The bug should affect ubuntu and probably gentoo (4.1.2.2 already
> > packaged). Not RedHat / Mandrake.
>
> A quick peek into shadow-utils-4.1.2-8.fc10.src.rpm suggests Fedora is
> also affected. I do not know about RHEL.
shad
I wrote a little while ago:
> A quick peek into shadow-utils-4.1.2-8.fc10.src.rpm suggests Fedora is
> also affected. I do not know about RHEL.
A quick peek into shadow-utils-4.0.17-14.el5.src.rpm suggests RHEL is
just as bad.
Cheers, Paul
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.
> The bug should affect ubuntu and probably gentoo (4.1.2.2 already
> packaged). Not RedHat / Mandrake.
A quick peek into shadow-utils-4.1.2-8.fc10.src.rpm suggests Fedora is
also affected. I do not know about RHEL.
Ubuntu now notified directly:
https://bugs.launchpad.net/ubuntu/+source/shadow/+b
On Mon, Dec 08, 2008 at 08:20:36AM +1100, [EMAIL PROTECTED] wrote:
> Dear Nicolas,
>
> On 23 Nov you wrote:
>
> >> - alert other Linux distros,
> > A new upstream version was released this weekend.
>
> Have not seen any distros make announcements. What distros use that?
> (Am surprised that ev
Dear Nicolas,
On 23 Nov you wrote:
>> - alert other Linux distros,
> A new upstream version was released this weekend.
Have not seen any distros make announcements. What distros use that?
(Am surprised that even Ubuntu has not updated, though normally they
seem responsive.)
Cheers, Paul
Paul
On Sun, Nov 23, 2008 at 10:29:55PM +0100, [EMAIL PROTECTED] wrote:
> On Sun, Nov 23, 2008 at 10:24:26PM +0100, Nicolas François wrote:
> >
> > I made an upload for Etch (-7etch1, also to fix #505271)
> > Moritz, if you can't see it, maybe I did it wrong.
>
> I don't see any trace of it on klecker
On Sun, Nov 23, 2008 at 10:24:26PM +0100, Nicolas François wrote:
> Hello,
>
> On Mon, Nov 24, 2008 at 08:01:42AM +1100, [EMAIL PROTECTED] wrote:
> >
> > Seems your message relates to "old" things, Nicolas has fixed this for
> > lenny already.
>
> I've made an upload to fix #505271, but not this
Hello,
On Mon, Nov 24, 2008 at 08:01:42AM +1100, [EMAIL PROTECTED] wrote:
>
> Seems your message relates to "old" things, Nicolas has fixed this for
> lenny already.
I've made an upload to fix #505271, but not this bug (#505071).
The answer on debian-release was not enough for me to also fix #50
Dear Moritz,
Seems your message relates to "old" things, Nicolas has fixed this for
lenny already.
Please also:
- fix for etch,
- alert other Linux distros,
- issue DSA.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics Univer
On Sat, Nov 22, 2008 at 10:03:39PM +1100, Paul Szabo wrote:
> Dear Moritz,
>
> Yes, Nicolas's patch does fix the problem. But please note:
> (1) It is my patch, not Nicolas's, was first proposed in
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505071#15
> (2) There is no such patch, nobod
Dear Moritz,
Yes, Nicolas's patch does fix the problem. But please note:
(1) It is my patch, not Nicolas's, was first proposed in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505071#15
(2) There is no such patch, nobody has made a "diff" file,
much less a compiled/built package to try.
On Fri, Nov 14, 2008 at 08:33:43PM +1100, Paul Szabo wrote:
> Dear Nekral,
>
> Long ago you wrote:
>
> >> ... Should I attempt to write an exploit/demo?
> > That would be nice to check if it would be possible to chown
> > /etc/shadow by cheating utmp.
>
> Done, I now have a working PoC/demo/expl
Dear Nekral,
Long ago you wrote:
>> ... Should I attempt to write an exploit/demo?
> That would be nice to check if it would be possible to chown
> /etc/shadow by cheating utmp.
Done, I now have a working PoC/demo/exploit ... am not yet releasing
it publicly.
Cheers,
Paul Szabo [EMAIL PROTEC
14 matches
Mail list logo