-
shadow (1:4.0.3-37ubuntu10) breezy-security; urgency=low
* SECURITY UPDATE: Root privilege escalation.
* debian/patches/360_setuid_failure:
- src/passwd.c: Check for failing setuid() (which can happen if user hits
PAM limits). Before, passwd continued to run as root and executed
chfn/chsh/gpasswd as root instead of as the user.
- Thanks to Sune Kloppenborg Jeppesen for pointing this out.
-- Martin Pitt <email address hidden> Wed, 5 Jul 2006 08:33:50 +0000
-
shadow (1:4.0.3-37ubuntu8) breezy-security; urgency=low
* Tidy up after Malone bug #34606, which left passwords exposed in
/var/log/installer/cdebconf/questions.dat, by removing those passwords;
for good measure, make /var/log/installer/cdebconf/* world-unreadable if
this bug is detected.
-- Colin Watson <email address hidden> Sun, 12 Mar 2006 21:43:40 +0000
-
shadow (1:4.0.3-37ubuntu7) breezy; urgency=low
* Stop including passwd.templates in initial-passwd-udeb.templates; it's
no longer necessary with passthrough, and it triggers a debconf-copydb
bug which wipes out all translations in the target configdb.
-- Colin Watson <email address hidden> Tue, 11 Oct 2005 14:55:35 +0100
