FS#73246 : Shadow: CVE-2013-4235 fixed in Shadow-4.11.1

FS#73246 - Shadow: CVE-2013-4235 fixed in Shadow-4.11.1

Attached to Project: Arch Linux
Opened by Douglas R. Reno (renodr) - Monday, 03 January 2022, 18:41 GMT
Last edited by Allan McRae (Allan) - Thursday, 27 January 2022, 13:53 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:

According to the release notes upstream, CVE-2013-4235 was fixed in Shadow. While it might be a Medium-severity CVE (per NVD), 8-9 years or so is still a very long time for a bug to be unfixed, regardless of the severity.

Additional info:
* package version(s)
* config and/or log files etc.
* link to upstream bug report, if any

https://github.com/shadow-maint/shadow/releases/tag/v4.11
https://github.com/shadow-maint/shadow/issues/317

Steps to reproduce:

N/A

This task depends upon

Closed by Allan McRae (Allan)
Thursday, 27 January 2022, 13:53 GMT
Reason for closing: Fixed
Additional comments about closing: shadow-4.11.1-1

Comment by loqs (loqs) - Monday, 03 January 2022, 21:44 GMT

Do you have a path of trust from the signing key F1D08DB778185BF784002DFFE9FEEA06A85E3F9D to 66D0387DB85D320F8408166DB175CFA98F192AF2 which signed 4.10, 4.11 and 4.11.1?

Comment by Douglas R. Reno (renodr) - Monday, 03 January 2022, 23:32 GMT

I'm not aware of any sorry, I'm just another distributor, not related to the Shadow project at all. :)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#73246 - Shadow: CVE-2013-4235 fixed in Shadow-4.11.1

Details

Loading...