Debian Package Tracker

general

source: shadow (source, admin)
version: 1:4.4-4.1
maintainer: Shadow package maintainers (archive) [DMD]
uploaders: Serge Hallyn [DMD] – Christian Perrier [DMD] – Balint Reczey [DMD]
arch: any
std-ver: 3.9.5
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:4.1.5.1-1
o-o-sec: 1:4.1.5.1-1+deb7u1
oldstable: 1:4.2-3+deb8u4
old-sec: 1:4.2-3+deb8u4
stable: 1:4.4-4.1
testing: 1:4.4-4.1
unstable: 1:4.4-4.1

versioned links

1:4.1.5.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.1.5.1-1+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.2-3+deb8u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.4-4.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

login
passwd
uidmap

action needed

A new upstream version is available: 4.5

high

A new upstream version 4.5 is available, you should consider packaging it.

Created: 2017-08-12 Last update: 2017-08-22 01:26

1 security issue in sid

high

There is 1 open security issue in sid.

1 important issue:

CVE-2017-12424: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

Please fix it.

Created: 2017-08-05 Last update: 2017-08-17 07:26

1 security issue in buster

high

There is 1 open security issue in buster.

1 important issue:

CVE-2017-12424: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

Please fix it.

Created: 2017-08-05 Last update: 2017-08-17 07:26

lintian reports 6 warnings

high

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-02-28 Last update: 2017-07-27 07:19

Depends on packages which need a new maintainer

normal

The packages that shadow depends on which need a new maintainer are:

docbook-xsl (#802370)
- Build-Depends: docbook-xsl
docbook-xml (#802368)
- Build-Depends: docbook-xml

Created: 2015-10-20 Last update: 2017-08-22 01:31

1 bug tagged help in the BTS

normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2016-05-08 Last update: 2017-08-22 01:11

12 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 12 bugs, consider including or untagging them.

Created: 2017-08-12 Last update: 2017-08-22 01:11

1 ignored security issue in wheezy

low

There is 1 open security issue in wheezy.

1 issue skipped by the security teams:

CVE-2017-12424: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

Please fix it.

Created: 2017-08-05 Last update: 2017-08-17 07:26

1 ignored security issue in jessie

low

There is 1 open security issue in jessie.

1 issue skipped by the security teams:

CVE-2017-12424: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

Please fix it.

Created: 2017-08-05 Last update: 2017-08-17 07:26

1 ignored security issue in stretch

low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2017-12424: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

Please fix it.

Created: 2017-08-05 Last update: 2017-08-17 07:26

Build log checks report 1 warning

low

Build log checks report 1 warning

Created: 2017-01-07 Last update: 2017-01-07 01:07

Standards version of the package is outdated.

wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 3.9.8 instead of 3.9.5).

Created: 2014-11-21 Last update: 2017-05-22 18:53

news

[rss feed]

[2017-05-31] Accepted shadow 1:4.2-3+deb8u4 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-05-24] shadow 1:4.4-4.1 MIGRATED to testing (Debian testing watch)
[2017-05-22] Accepted shadow 1:4.4-4.1 (source) into unstable (Salvatore Bonaccorso)
[2017-04-30] Accepted shadow 1:4.2-3+deb8u3 (source) into proposed-updates->stable-new, proposed-updates (Balint Reczey) (signed by: Salvatore Bonaccorso)
[2017-04-30] Accepted shadow 1:4.2-3+deb8u2 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-02-26] Accepted shadow 1:4.1.5.1-1+deb7u1 (source amd64) into oldstable (Balint Reczey)
[2017-02-26] shadow 1:4.4-4 MIGRATED to testing (Debian testing watch)
[2017-02-24] Accepted shadow 1:4.4-4 (source) into unstable (Balint Reczey)
[2017-02-05] shadow 1:4.4-3 MIGRATED to testing (Debian testing watch)
[2017-01-25] Accepted shadow 1:4.4-3 (source) into unstable (Balint Reczey)
[2017-01-19] Accepted shadow 1:4.4-2 (source) into unstable (Balint Reczey)
[2017-01-17] shadow 1:4.4-1 MIGRATED to testing (Debian testing watch)
[2017-01-06] Accepted shadow 1:4.4-1 (source) into unstable (Balint Reczey)
[2016-12-03] shadow 1:4.2-3.3 MIGRATED to testing (Debian testing watch)
[2016-11-27] Accepted shadow 1:4.2-3.3 (source amd64) into unstable (Samuel Thibault)
[2016-09-25] shadow 1:4.2-3.2 MIGRATED to testing (Debian testing watch)
[2016-09-19] Accepted shadow 1:4.2-3.2 (source) into unstable (Mattia Rizzolo)
[2015-11-19] Accepted shadow 1:4.2-3+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Bastian Blank)
[2015-11-18] shadow 1:4.2-3.1 MIGRATED to testing (Britney)
[2015-11-12] Accepted shadow 1:4.2-3.1 (source) into unstable (Bastian Blank)
[2014-12-01] shadow 1:4.2-3 MIGRATED to testing (Britney)
[2014-11-20] Accepted shadow 1:4.2-3 (source i386) into unstable (Christian Perrier)
[2014-05-15] shadow 1:4.2-2 MIGRATED to testing (Debian testing watch)
[2014-05-04] Accepted shadow 1:4.2-2 (source i386) (Christian Perrier)
[2014-04-23] Accepted shadow 1:4.2-1 (source i386) (Christian Perrier)
[2014-03-22] shadow 1:4.1.5.1-1.1 MIGRATED to testing (Debian testing watch)
[2014-03-16] Accepted shadow 1:4.1.5.1-1.1 (source amd64) (Samuel Thibault)
[2012-06-05] shadow 1:4.1.5.1-1 MIGRATED to testing (Debian testing watch)
[2012-05-25] Accepted shadow 1:4.1.5.1-1 (source powerpc) (Nicolas FRANCOIS (Nekral)) (signed by: Nicolas FRANÇOIS)
[2012-02-23] shadow 1:4.1.5-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 59 60
RC: 0
I&N: 29 30
M&W: 30
F&P: 0

links

homepage
lintian (0, 6)
buildd: logs, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.2-3.2ubuntu3
83 bugs (6 patches)
patches for 1:4.2-3.2ubuntu3