Christian, On Wed, May 18, 2005 at 03:17:43AM -0400, Christian Perrier wrote: > Format: 1.7 > Date: Wed, 18 May 2005 07:35:04 +0200 > Source: shadow > Binary: login passwd > Architecture: source i386 > Version: 1:4.0.3-31sarge5 > Distribution: testing-proposed-updates > Urgency: high > Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> > Changed-By: Christian Perrier <bubulle@debian.org> > Description: > login - system login tools > passwd - change and administer password and group data > Closes: 309587 > Changes: > shadow (1:4.0.3-31sarge5) testing-proposed-updates; urgency=high > . > * Re-apply the debian/patches/036_CAN-2004-1001_passwd_check patch > which fixed the "Adjusted password check to fix authentication bypass" > security issue (CAN-2004-1001) > Closes: #309587 This upload seems to have a number of problems: - I can't actually find anything in the interdiff between 4 and 5 indicating that this passwd_check patch is present - owing to the switch from CVS to SVN, the interdiff between 4 and 5 is also 92,000 lines long consisting mostly of changes to RCS ids, so it's possible the change is there and I overlooked it :/ - this version also re-adds the man/fr/po4a/fr directory that was removed in 3, further bloating the diff Could you confirm that the security patch is actually applied (and point me to it), and if not, please reupload with it properly applied and maybe with some of these other changes cleaned up? Thanks, -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature