Problems while searching for a new upstream version
high
uscan had problems while searching for a new upstream version:
In debian/watch no matching files for watch line
https://fedorahosted.org/libuser/wiki/LibuserDownloads (?:|.*/)libuser(?:[_\-]v?|)(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
vcswatch reports that
there is an error with this package's VCS, or the debian/changelog file inside
it. Please check the error shown below and try to fix it. You might have
to update the VCS URL in the debian/control file to point to the correct
repository.
fatal: repository 'https://anonscm.debian.org/git/collab-maint/libuser.git/' not found
Lintian reports
7 warnings
about this package. You should make the package lintian clean getting rid of them.
Standards version of the package is outdated.
high
The package is severely out of date with respect to the Debian Policy.The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.2.1 instead of
3.9.8).
Depends on packages which need a new maintainer
normal
The packages that libuser depends on which need a new maintainer are:
CVE-2015-3246: libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
CVE-2015-3245: Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/libu/libuser.png){kind=link}