shadow - Debian Package Tracker

general

source: shadow (main)
version: 1:4.11.1+dfsg1-2
maintainer: Shadow package maintainers (archive) (DMD)
uploaders: Balint Reczey [DMD] – Serge Hallyn [DMD]
arch: any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:4.4-4.1
o-o-sec: 1:4.4-4.1+deb9u1
oldstable: 1:4.5-1.1
stable: 1:4.8.1-1
testing: 1:4.11.1+dfsg1-2
unstable: 1:4.11.1+dfsg1-2

versioned links

1:4.4-4.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.4-4.1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.5-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.8.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.11.1+dfsg1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsubid-dev
libsubid4
login (11 bugs: 0, 6, 5, 0)
passwd (23 bugs: 0, 15, 8, 0)
uidmap

action needed

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2019-03-21 Last update: 2022-05-22 14:34

6 bugs tagged patch in the BTS normal

The BTS contains patches fixing 6 bugs, consider including or untagging them.

Created: 2021-08-14 Last update: 2022-05-22 14:34

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

libsubid-dev could be marked Multi-Arch: same

Created: 2022-01-31 Last update: 2022-05-22 11:43

lintian reports 21 warnings normal

Lintian reports 21 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-01-01 Last update: 2022-01-01 04:35

1 low-priority security issue in buster low

There is 1 open security issue in buster.

1 issue left for the package maintainer to handle:

CVE-2018-7169: (needs triaging) An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

You can find information about how to handle this issue in the security team's documentation.

Created: 2021-02-19 Last update: 2022-03-09 07:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.1).

Created: 2014-11-21 Last update: 2022-05-11 23:24

news

[rss feed]

[2022-03-09] shadow 1:4.11.1+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2022-03-03] Accepted shadow 1:4.11.1+dfsg1-2 (source) into unstable (Balint Reczey)
[2022-02-02] shadow 1:4.11.1+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2022-01-31] Accepted shadow 1:4.11.1+dfsg1-1 (source) into unstable (Balint Reczey)
[2022-01-24] Accepted shadow 1:4.11.1+dfsg1-0exp1 (source amd64) into experimental, experimental (Debian FTP Masters) (signed by: Balint Reczey)
[2021-11-16] shadow 1:4.8.1-2 MIGRATED to testing (Debian testing watch)
[2021-11-11] Accepted shadow 1:4.8.1-2 (source) into unstable (Balint Reczey)
[2021-11-08] shadow 1:4.8.1-1.1 MIGRATED to testing (Debian testing watch)
[2021-11-02] Accepted shadow 1:4.8.1-1.1 (source) into unstable (Johannes Schauer Marin Rodrigues)
[2021-03-17] Accepted shadow 1:4.4-4.1+deb9u1 (source) into oldstable (Sylvain Beucler)
[2020-02-13] shadow 1:4.8.1-1 MIGRATED to testing (Debian testing watch)
[2020-02-07] Accepted shadow 1:4.8.1-1 (source) into unstable (Balint Reczey)
[2020-01-06] shadow 1:4.8-1 MIGRATED to testing (Debian testing watch)
[2019-12-20] Accepted shadow 1:4.8-1 (source) into unstable (Balint Reczey)
[2019-07-22] shadow 1:4.7-2 MIGRATED to testing (Debian testing watch)
[2019-07-16] Accepted shadow 1:4.7-2 (source) into unstable (Balint Reczey)
[2019-07-14] shadow 1:4.7-1 MIGRATED to testing (Debian testing watch)
[2019-07-08] Accepted shadow 1:4.7-1 (source) into unstable (Balint Reczey)
[2018-08-03] shadow 1:4.5-1.1 MIGRATED to testing (Debian testing watch)
[2018-07-27] Accepted shadow 1:4.5-1.1 (source amd64) into unstable (Andreas Henriksson)
[2017-10-03] shadow 1:4.5-1 MIGRATED to testing (Debian testing watch)
[2017-09-27] Accepted shadow 1:4.5-1 (source) into unstable (Balint Reczey)
[2017-05-31] Accepted shadow 1:4.2-3+deb8u4 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-05-24] shadow 1:4.4-4.1 MIGRATED to testing (Debian testing watch)
[2017-05-22] Accepted shadow 1:4.4-4.1 (source) into unstable (Salvatore Bonaccorso)
[2017-04-30] Accepted shadow 1:4.2-3+deb8u3 (source) into proposed-updates->stable-new, proposed-updates (Balint Reczey) (signed by: Salvatore Bonaccorso)
[2017-04-30] Accepted shadow 1:4.2-3+deb8u2 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2017-02-26] Accepted shadow 1:4.1.5.1-1+deb7u1 (source amd64) into oldstable (Balint Reczey)
[2017-02-26] shadow 1:4.4-4 MIGRATED to testing (Debian testing watch)
[2017-02-24] Accepted shadow 1:4.4-4 (source) into unstable (Balint Reczey)

bugs [bug history graph]

all: 54 55
RC: 0
I&N: 28 29
M&W: 26
F&P: 0
patch: 6
help: 1

links

homepage
lintian (0, 21)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (27, 52)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.8.1-2ubuntu2
82 bugs (3 patches)
patches for 1:4.8.1-2ubuntu2