[1969] in linux-security and linux-alert archive
[linux-security] Re: shadow-971001
daemon@ATHENA.MIT.EDU (High Tide)
Sun Jul 12 04:05:46 1998
Date: Sat, 11 Jul 1998 23:51:57 -0500 (EST)
From: High Tide <hightide@ginch.org>
Reply-To: High Tide <hightide@ginch.org>
To: M Taylor <mctaylor@mta.ca>
cc: linux-security@redhat.com
In-Reply-To: <3.0.5.16.19980711210817.2a67e740@mailserv.mta.ca>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
> Did you inform the shadow package maintainer?
no, not yet. I was actually hoping someone would just tell me I was
wrong, and I could rest easily.
> If you have the source, or even the docs this shouldn't be much of a
> problem an email address should be included, a simple CC would suffice.
I found another thing that I thought was a problem (I figured out it
wasn't before I sent the message, but I still sent it out about the
original issue), so I did dig up the email address located in the docs,
and it bounced.
<<< 550 <jfh@tab.com>... User unknown
there were also many reference in the source/docs to marekm. Anyone know
who this is? nevermind, I see it below.
> In fact, I think it was the maintainer of the shadow package who complained
> that vendors or users (don't remember) were producing their own patches,
> yet not informing him of the risk or the patch.
I agree, which is part of the reason I tried to make everyone aware how
stupid I am in not notifying the right people.
> Maintained-by: marekm@piast.t19.ds.pwr.wroc.pl (Marek Michalkiewicz)
> Current version appears to be 980628 first off...
I'll check the latest version and mail marek if it's still present.
Thanks.
Sean
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null