Arch Linux

FS#73246 - Shadow: CVE-2013-4235 fixed in Shadow-4.11.1

Attached to Project: Arch Linux
Opened by Douglas R. Reno (renodr) - Monday, 03 January 2022, 18:41 GMT
Last edited by Allan McRae (Allan) - Thursday, 27 January 2022, 13:53 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:

According to the release notes upstream, CVE-2013-4235 was fixed in Shadow. While it might be a Medium-severity CVE (per NVD), 8-9 years or so is still a very long time for a bug to be unfixed, regardless of the severity.

Additional info:
* package version(s)
* config and/or log files etc.
* link to upstream bug report, if any

https://github.com/shadow-maint/shadow/releases/tag/v4.11
https://github.com/shadow-maint/shadow/issues/317

Steps to reproduce:

N/A

Closed by Allan McRae (Allan) - Thursday, 27 January 2022, 13:53 GMT
Reason for closing: Fixed
Additional comments about closing: shadow-4.11.1-1

Comment by loqs (loqs) - Monday, 03 January 2022, 21:44 GMT
Do you have a path of trust from the signing key F1D08DB778185BF784002DFFE9FEEA06A85E3F9D to 66D0387DB85D320F8408166DB175CFA98F192AF2 which signed 4.10, 4.11 and 4.11.1?
Comment by Douglas R. Reno (renodr) - Monday, 03 January 2022, 23:32 GMT
I'm not aware of any, sorry. I'm just another distributor, not related to the Shadow project at all. :)
