William Harrington wrote:
On Sat, 23 Jul 2016 11:24:58 -0500
"Douglas R. Reno" <[email protected]> wrote:
Bruce Dubbs wrote:
I can find no description for this vulnerability. The links just say
that the Debian version is vulnerable and unfixed. Looking at Mitre,
they just say the CVE entry is reserved.
Without any detail, there is nothing we can do.
RedHat does say the vulnerabilty is 'local'
I did find this:
http://seclists.org/oss-sec/2016/q3/115
The CVE will remain reserved as long as a company like Novell (SuSE) or
RedHat feels like it. There is no policy on that. There are several that
have been released publicly that still say reserved thanks to the
actions of those companies. Canonical is probably the same way. See the
emails I forwarded privately for patches and such. I don't think Mailman
would approve of me forwarding all 7 of them at one time.
Hello Douglas,
Thank you for the Shadow resources. I've also been watching the
pkg-shadow-devel list for a long time. There are many updates since the
last Shadow release, and a new maintainer is also in the mix. They are
planning a Shadow 4.3 release which fixes a lot of issues. Be on the
lookout for it in a few weeks/months. The release has been slow moving.
Please review changes at https://github.com/shadow-maint/shadow
That's interesting William. That site has a 4.3.0 release but not the
4.2.1 release at http://pkg-shadow.alioth.debian.org/releases. The
filename is 4.3.0.tar.gz (no stem, just a number). That was apparently
released March 16 of this year.
It's not a very good 'release'. There is no configure. There are no man
pages -- they need to be generated and that uses xml2po. Evidently that is
in gnome-doc-utils but we definitely won't have that in LFS.
To get it to build, I had to remove the man and po subdirectories in the
Makefile. The --disable-man and --disable-nls did not work. We would
need to create those files separately and include them as a separate
download or create our own proper tarball with everything.
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
