Hi,
3.17-34 didn't make it into jessie. Could you please upload a fixed
package to stable-proposed-updates or maybe even security?
MfG
Goswin
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.
On Sat, Dec 13, 2014 at 09:03:33AM -0500, Jon Daley wrote:
> You've made a couple references to using shadow and nis being unusual. Do
> people usually turn off shadow passwords when using other systems? And you
Well, it's more that they don't usually deploy NIS on systems that
default to shado
On Fri, 12 Dec 2014, Mark Brown wrote:
On Fri, Dec 12, 2014 at 07:07:07AM -0500, Jon Daley wrote:
On Fri, 12 Dec 2014, Goswin von Brederlow wrote:
As I posted in the original report, there was a change to crypt() which now
exposes a long standing bug in nis.
OK, so this is new information. Th
On Fri, Dec 12, 2014 at 07:07:07AM -0500, Jon Daley wrote:
> On Fri, 12 Dec 2014, Goswin von Brederlow wrote:
> >>The normal thing I've seen is to have people log onto the master server
> >>(or make some similar arrangement) and make the change there.
> >I think you can have a setup where nis expo
On Fri, 12 Dec 2014, Goswin von Brederlow wrote:
The normal thing I've seen is to have people log onto the master server
(or make some similar arrangement) and make the change there.
I think you can have a setup where nis exports the /etc/passwd of one
master server or something. But at least t
On Fri, Dec 12, 2014 at 12:10:10AM +, Mark Brown wrote:
> On Thu, Dec 11, 2014 at 08:00:28PM +0100, Goswin von Brederlow wrote:
> > On Tue, Dec 09, 2014 at 03:34:43PM +, Mark Brown wrote:
>
> > > Please don't inflate severities pointlessly; there are simple solutions
> > > to this like cha
On Thu, Dec 11, 2014 at 08:00:28PM +0100, Goswin von Brederlow wrote:
> On Tue, Dec 09, 2014 at 03:34:43PM +, Mark Brown wrote:
> > Please don't inflate severities pointlessly; there are simple solutions
> > to this like changing passwords by logging into a specific system to do
> > so which p
On Tue, Dec 09, 2014 at 03:34:43PM +, Mark Brown wrote:
> severity 721737 normal
> kthxbye
>
> On Tue, Dec 09, 2014 at 02:18:52PM +0100, Goswin von Brederlow wrote:
> > Not being able to change the password is a security problem. Raising
> > severity
> > to grave.
>
> Please don't inflate se
severity 721737 normal
kthxbye
On Tue, Dec 09, 2014 at 02:18:52PM +0100, Goswin von Brederlow wrote:
> Not being able to change the password is a security problem. Raising severity
> to grave.
Please don't inflate severities pointlessly; there are simple solutions
to this like changing passwords
Not being able to change the password is a security problem. Raising severity
to grave.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Package: nis
Version: 3.17-32
Severity: normal
I might have something in my NIS configuration that is displaying this bug, but
I think it is a bug whether or not that is the case.
On line 410 of yppasswd.c, crypt() is run, with the salt parameter that is only
checked to be one character long.
If
11 matches
Mail list logo
