Hi,

NMU is about to hit unstable and s-p-u. I've added the attached
patch to the quilt series.


Regards,

Jan
Add fix for CVE 2008-6792 and another related bug in do_get_use_md5().

 -- James Westby <james.wes...@canonical.com>
 -- Jan Christoph Nordholz <he...@pool.math.tu-berlin.de>

--- system-tools-backends-2.6.0.orig/Users/Users.pm	2008-03-09 13:21:45.000000000 +0000
+++ system-tools-backends-2.6.0/Users/Users.pm	2009-05-18 15:41:15.246049271 +0000
@@ -286,13 +286,14 @@
 
     if ($line[0] eq "\...@include")
     {
-      $use_md5 = &do_get_use_md5 ($line[1]);
+      $use_md5 |= &do_get_use_md5 ($line[1]);
     }
     elsif ($line[0] eq "password")
     {
       foreach $i (@line)
       {
         $use_md5 = 1 if ($i eq "md5");
+        $use_md5 = 1 if ($i =~ /^sha\d+/);
       }
     }
   }
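Review bot: The new `$i =~ /^sha\d+/` test in the "password" branch is anchored only at the start, so any option token that merely begins with "sha" plus a digit sets the flag; an exact match on the options pam_unix actually accepts, for example `/^sha(256|512)$/`, would be tighter. With this line `$use_md5` no longer means MD5 specifically but "some hashed scheme is configured", and with `|=` on the include line it also becomes sticky across included files, so a short comment at both places (or a rename of the variable) would keep later readers from assuming the value still implies MD5.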

Attachment: signature.asc
Description: Digital signature