Hello,
recently (2017-05-17) I noticed that login and passwd have been updated (login:amd64 1:4.2-3+deb8u4, passwd:amd64 1:4.2-3+deb8u4), but this doesn't seem to be mentioned on debian.org or debian.org/security.
I have noticed for several years that not all security advisories seem to be posted/mentioned. But why is that? Security advisories for login and passwd are critical per se, and I am kinda worried if this would not be mentioned on debian.org/security.
Thanks for any enlightenment; and sorry if this is mentioned somewhere, but I didn't find any information in the Debian security FAQ or with a search engine.
Not every security advisory mentioned on debian.org?
Re: Not every security advisory mentioned on debian.org?
I'm wondering about this too!
When I checked the history.log file in /var/log/apt, I do see the following:
Start-Date: 2017-05-17 13:32:42
Commandline: apt upgrade
Upgrade: passwd:amd64 (4.2-3+deb8u3, 4.2-3+deb8u4), login:amd64 (4.2-3+deb8u3, 4.2-3+deb8u4)
End-Date: 2017-05-17 13:33:06
So why doesn't security.debian.org list this?
Cheers!
Re: Not every security advisory mentioned on debian.org?
I've also noticed the same thing. Out of curiosity, I went to look at the change logs for those two packages.
https://packages.debian.org/jessie/login
https://packages.debian.org/jessie/passwd
The link to the change log is under "Debian Resources" on the right-hand side of the page. For both packages, the link to the change log is a dead link. The "Debian Patch Tracker" link is also dead.
Phil
- dilberts_left_nut
- Administrator
Re: Not every security advisory mentioned on debian.org?
https://lists.debian.org/debian-securit ... 00114.html
It was simply a bugfix for the patch for a previous DSA (here https://www.debian.org/security/2017/dsa-3793) so probably isn't a separate one by itself - and is against the shadow source package rather than the binary packages produced from it.
Re: Not every security advisory mentioned on debian.org?
pcalvert wrote: I've also noticed the same thing. Out of curiosity, I went to look at the change logs for those two packages.
If you still have the curiosity, you can read the Debian changelogs for the packages you have upgraded on your system at:
/usr/share/doc/passwd/changelog.Debian.gz
/usr/share/doc/login/changelog.Debian.gz
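Added example, not part of any post in this thread: a Python sketch that takes the `Upgrade:` line quoted from history.log above and pulls the matching entries out of a package's changelog.Debian.gz, so an upgrade with no advisory of its own can be traced to its changelog text. The function names are hypothetical and the sample changelog is constructed (placeholder entry text, trailer lines omitted); only the history.log stanza and the file paths come from the thread.

```python
import gzip
import re

# Upgrade stanza as quoted from /var/log/apt/history.log in the thread.
HISTORY = """Start-Date: 2017-05-17 13:32:42
Commandline: apt upgrade
Upgrade: passwd:amd64 (4.2-3+deb8u3, 4.2-3+deb8u4), login:amd64 (4.2-3+deb8u3, 4.2-3+deb8u4)
End-Date: 2017-05-17 13:33:06
"""
# Constructed sample in Debian changelog layout; entry text is a placeholder.
SAMPLE_CHANGELOG = """shadow (1:4.2-3+deb8u4) jessie; urgency=medium

  * (constructed placeholder) follow-up fix for the previous upload

shadow (1:4.2-3+deb8u3) jessie-security; urgency=high

  * (constructed placeholder) earlier security upload
"""
UPGRADE_RE = re.compile(r"(\S+?)(?::\w+)? \(([^,]+), ([^)]+)\)")
HEADER_RE = re.compile(r"^(\S+) \(([^)]+)\) ", re.M)

def parse_upgrades(history):
    """Return {package: (old_version, new_version)} from Upgrade: lines."""
    lines = [l.split(": ", 1)[1] for l in history.splitlines() if l.startswith("Upgrade: ")]
    return {p: (old, new) for l in lines for p, old, new in UPGRADE_RE.findall(l)}

def strip_epoch(version):
    # The log above shows 4.2-3+deb8u4 where the first post shows 1:4.2-3+deb8u4.
    return version.split(":", 1)[-1]

def entries_between(changelog, old, new):
    """Return stanzas newer than `old`, up to and including `new`.
    The file is newest-first, so no Debian version ordering is needed."""
    heads = list(HEADER_RE.finditer(changelog))
    picked, active = [], False
    for i, h in enumerate(heads):
        ver = strip_epoch(h.group(2))
        if ver == strip_epoch(old):
            break
        active = active or ver == strip_epoch(new)
        if active:
            end = heads[i + 1].start() if i + 1 < len(heads) else len(changelog)
            picked.append(changelog[h.start():end].strip())
    return picked

def read_changelog(package):
    """Read the installed changelog at the path given in the thread."""
    with gzip.open(f"/usr/share/doc/{package}/changelog.Debian.gz", "rt", errors="replace") as fh:
        return fh.read()

if __name__ == "__main__":
    print(entries_between(SAMPLE_CHANGELOG, *parse_upgrades(HISTORY)["passwd"]))
```

On a Debian system, pass `read_changelog("passwd")` instead of the sample; the stanza headers name the source package (shadow) rather than the binary packages.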