Karl, I have just recently browsed the passwd packages bugs and there are quite a number of them who have not been addressed (some) for over a year. Many of these bugs could be considered security related because some of the tools provided will not work with MD5 passwods (recommended in Debian installation).
Many bug reports do not even have a followup by the maintainer saying: "this is true, will fix". There is a new release upstream (as #150237 says) that seems to fix some of the bugs (such as #142070, #89803, #81721) since PAM support has been added (as far as I can see in http://cvs.pld.org.pl/shadow/ChangeLog?rev=1.1) also these entries are important: * src/useradd.c: - fix a security bug (adduser could overwrite previously existing groups (shadow-19990827-group.patch from RH), * lib/commonio.c: - installed fix for SEGV when using pwck -s on /etc/passwd file with empty lines in it Most other changes are documentation-related (translated manpages). Do you need help with this package? You could consider uploading a new upstream version up to experimental and ask bug-trackers to follow it and see if it fixes (some of) the bugs that are currently over a year old. Best regards Javi PS: CCing QA since there is the people that might provide help PS: Incidently I just filed a bug against xscreensaver and against passwd, sorry :(
pgpEc6iYjZhG5.pgp
Description: PGP signature
