Package: ftp.debian.org
Due to security vulernabilities of this package and upstream not being
able to correctly fix them. Please refer to the following chat log:
15:06 >jcristau< AnAnt: the code is broken
15:07 >nion< AnAnt: it does not tell you the password is invalid it does tell
you I need to be SUID for VT locking.\n
15:07 <nion> because the effective user id is not 0 (root) if(geteuid() != 0){
15:07 <AnAnt> nion: yes, I removed the geteuid() != 0 check
15:08 >nion< AnAnt: why do tell me this _now_?
15:08 <AnAnt> nion: if getpwuid does not need suid, then I don't need this
geteuid check, do I ?
15:08 <nion> args
15:08 <jcristau> it tries to read /etc/shadow
15:08 <jcristau> to get your password
15:08 <nion> lol
15:09 <jcristau> seriously that my_getpwuid function is full of crap
15:09 <AnAnt> jcristau: what do you suggest ?
15:10 <nion> oh it uses getspnam()
15:10 <jcristau> nion: yeah
15:10 >jcristau< AnAnt: i suggest to stop distributing that in debian
15:11 <nion> ACK looking at the fact that the upstream also doesn't seem to
know what he is doing i think it makes no sense to fix this cause we would have
to check every new upload. sadly vulnerable people stay vulnerable this way
--
أحمد المحمودي (Ahmed El-Mahmoudy)
Digital design engineer
GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net)
GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C 156E D325 C3C8 9DCA 0B27
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]