On Tue, Dec 09, 2014 at 03:34:43PM +0000, Mark Brown wrote:
> severity 721737 normal
> kthxbye
> 
> On Tue, Dec 09, 2014 at 02:18:52PM +0100, Goswin von Brederlow wrote:
> > Not being able to change the password is a security problem. Raising
> > severity to grave.
> 
> Please don't inflate severities pointlessly; there are simple solutions
> to this like changing passwords by logging into a specific system to do
> so which people will doubtless have adopted in the decade or so this has
> been present if they are affected.

1) What system? The segfault always happens on every system. You simply
can not change your nis password at all.

2) And it hasn't been a decade. It was reported a bit over a year ago.

3) I first noticed this failing on Ubuntu recently, while the nis
upstream version has indeed been around for ages. It used to work
previously with a near-identical version. So unless you changed
yppasswd.c in one of the Debian revisions, this probably is triggered
by a change in the crypt() implementation that is more recent, one
that validates the salt properly.

4) This is a security issue so raising the severity is not pointless.
Users need to be able to change their password. Especially the initial
one set by the admin on account creation.

5) There has been a trivial 1-line patch for the bug for the whole
time.

MfG
        Goswin

