shadow - Debian Package Tracker

general

source: shadow (main)
version: 1:4.16.0-5
maintainer: Shadow package maintainers (archive) (DMD)
uploaders: Chris Hofstaedtler [DMD] – Serge Hallyn [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:4.5-1.1
oldstable: 1:4.8.1-1
stable: 1:4.13+dfsg1-1
testing: 1:4.16.0-5
unstable: 1:4.16.0-5

versioned links

1:4.5-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.8.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.13+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.16.0-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsubid-dev
libsubid5
login.defs (1 bugs: 0, 0, 1, 0)
passwd (23 bugs: 0, 16, 7, 0)
uidmap (1 bugs: 0, 1, 0, 0)

action needed

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2024-02-25 Last update: 2024-11-21 08:02

Depends on packages which need a new maintainer normal

The packages that shadow depends on which need a new maintainer are:

docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2023-09-01 Last update: 2024-11-21 06:33

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 6605806a6da2120f1a007a96b862013b54820fc6
Author: Chris Hofstaedtler <zeha@debian.org>
Date:   Sat Nov 16 15:49:18 2024 +0100

    Add NEWS entry about faillog
    
    Closes: #1074320

Created: 2024-08-06 Last update: 2024-11-16 15:35

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-11-16 Last update: 2024-11-16 11:04

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2023-4641: (needs triaging) A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
CVE-2023-29383: (needs triaging) In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-10 Last update: 2024-11-21 04:00

debian/patches: 11 patches to forward upstream low

Among the 12 debian patches available in version 1:4.16.0-5 of the package, we noticed the following issues:

11 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-11-16 11:05

news

[rss feed]

[2024-11-21] shadow 1:4.16.0-5 MIGRATED to testing (Debian testing watch)
[2024-11-15] Accepted shadow 1:4.16.0-5 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-08-28] shadow 1:4.16.0-4 MIGRATED to testing (Debian testing watch)
[2024-08-05] Accepted shadow 1:4.16.0-4 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-08-05] Accepted shadow 1:4.16.0-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-08-05] Accepted shadow 1:4.16.0-2 (source) into experimental (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-08-03] Accepted shadow 1:4.16.0-1 (source arm64 all) into experimental (Debian FTP Masters) (signed by: Christian Hofstaedtler)
[2024-07-21] Accepted shadow 1:4.15.3-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-07-13] shadow 1:4.15.3-2 MIGRATED to testing (Debian testing watch)
[2024-07-07] Accepted shadow 1:4.15.3-2 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-07-06] Accepted shadow 1:4.15.3-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-07-01] shadow 1:4.15.2-3 MIGRATED to testing (Debian testing watch)
[2024-07-01] shadow 1:4.15.2-3 MIGRATED to testing (Debian testing watch)
[2024-06-26] Accepted shadow 1:4.15.2-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-06-25] Accepted shadow 1:4.15.2-2 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-06-22] Accepted shadow 1:4.15.2-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-06-22] Accepted shadow 1:4.15.1-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-06-08] shadow 1:4.13+dfsg1-5 MIGRATED to testing (Debian testing watch)
[2024-06-02] Accepted shadow 1:4.13+dfsg1-5 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-02-24] shadow 1:4.13+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2024-02-18] Accepted shadow 1:4.13+dfsg1-4 (source) into unstable (Serge Hallyn) (signed by: Jonathan Carter)
[2023-10-21] shadow 1:4.13+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2023-10-21] shadow 1:4.13+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2023-10-15] Accepted shadow 1:4.13+dfsg1-3 (source) into unstable (Balint Reczey)
[2023-10-02] shadow 1:4.13+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2023-09-27] Accepted shadow 1:4.13+dfsg1-2 (source) into unstable (Balint Reczey)
[2022-11-17] shadow 1:4.13+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2022-11-11] Accepted shadow 1:4.13+dfsg1-1 (source) into unstable (Balint Reczey)
[2022-11-11] shadow 1:4.12.3+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2022-11-05] Accepted shadow 1:4.12.3+dfsg1-3 (source) into unstable (Balint Reczey)

bugs [bug history graph]

all: 38
RC: 0
I&N: 20
M&W: 17
F&P: 1
patch: 3

links

homepage
lintian (0, 2)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (34, 55)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.15.3-3ubuntu2
92 bugs (4 patches)
patches for 1:4.15.3-3ubuntu2