Debian bug report logs -
#1673, boring messages
Message sent to debian-devel@pixar.com:
Subject: Bug#1673: npasswd won't install, and has security problems
Reply-To: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>, debian-bugs@pixar.com
Resent-From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
Resent-To: debian-devel@pixar.com
Resent-Date: Fri, 13 Oct 1995 16:03:02 GMT
Resent-Message-ID: <debian-bugs-handler.1673.B10131557230@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: npasswd
X-Debian-PR-Keywords:
Received: via spool for debian-bugs; Fri, 13 Oct 1995 16:03:02 GMT
Received: with rfc822 via encapsulated-mail; Fri, 13 Oct 1995 15:57:21 GMT
Received: from pixar.com by mongo.pixar.com with smtp
(Smail3.1.28.1 #15) id m0t3mSZ-000DmJC; Fri, 13 Oct 95 08:55 PDT
Received: from i17linuxb.ists.pwr.wroc.pl by pixar.com with SMTP id AA09104
(5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Fri, 13 Oct 1995 08:55:21 -0700
Received: (from marekm@localhost) by i17linuxb.ists.pwr.wroc.pl (8.6.12/8.6.9) id QAA02252 for debian-bugs@pixar.com; Fri, 13 Oct 1995 16:55:36 +0100
From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
Message-Id: <199510131555.QAA02252@i17linuxb.ists.pwr.wroc.pl>
To: debian-bugs@pixar.com
Date: Fri, 13 Oct 1995 16:55:33 +0100 (MET)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 905
Package: npasswd
Version: 1.2-8
The npasswd-1.2-8.deb package in "contrib" won't install (at least with
dpkg-1.0.0) - dpkg complains something about bad file format or some such.
No big loss - this version seems to have some fundamental security holes
like strcpy() of user-supplied username without checking if it will fit
in the destination array. Someone else should look at the source to
confirm this, but if this is true, better remove the package and tell
everyone to remove it from their system if anyone managed to install it.
There is a new version, npasswd 2.0, under development, currently only
available for "serious developers". I don't know what is the definition
of a "serious developer" used by the author, I had no success getting
the beta version, maybe someone else will look more serious than me :-).
See http://uts.cc.utexas.edu/~clyde/npasswd.html for more information.
Marek
Message sent:
From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
Subject: Bug#1673: Acknowledgement (was: npasswd won't install, and has security problems)
In-Reply-To: <199510131555.QAA02252@i17linuxb.ists.pwr.wroc.pl>
References: <199510131555.QAA02252@i17linuxb.ists.pwr.wroc.pl>
Thank you for the problem report you have sent regarding Debian GNU/Linux.
This is an automatically generated reply, to let you know your message has
been received. It is being forwarded to the developers' mailing list for
their attention; they will reply in due course.
If you wish to submit further information on your problem, please send
it to debian-bugs@pixar.com, but please ensure that the Subject
line of your message starts with "Bug#1673" or "Re: Bug#1673" so that
we can identify it as relating to the same problem.
Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.
Ian Jackson
(maintainer, debian-bugs)
Message sent:
From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: mitchell@mdd.comm.mot.com (Bill Mitchell)
In-Reply-To: <9510132225.AA02842@bb29c.mdd.comm.mot.com>
References: <9510132225.AA02842@bb29c.mdd.comm.mot.com> <199510131555.QAA02252@i17linuxb.ists.pwr.wroc.pl>
Subject: Bug#1673: marked as done (was: npasswd won't install, and has security problems)
Your message dated Fri, 13 Oct 95 15:25:28 PDT
with message-id <9510132225.AA02842@bb29c.mdd.comm.mot.com>
and subject line Bug#1673: npasswd won't install, and has security problems
has caused the attached bug report to be marked as done.
It is your now responsibility to ensure that the bug report is dealt
with.
(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Ian Jackson
(maintainer, debian-bugs)
Received: with rfc822 via encapsulated-mail; Fri, 13 Oct 1995 15:57:21 GMT
From i17linuxb.ists.pwr.wroc.pl!marekm Fri Oct 13 08:55:47 1995
Return-Path: <marekm@i17linuxb.ists.pwr.wroc.pl>
Received: from pixar.com by mongo.pixar.com with smtp
(Smail3.1.28.1 #15) id m0t3mSZ-000DmJC; Fri, 13 Oct 95 08:55 PDT
Received: from i17linuxb.ists.pwr.wroc.pl by pixar.com with SMTP id AA09104
(5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Fri, 13 Oct 1995 08:55:21 -0700
Received: (from marekm@localhost) by i17linuxb.ists.pwr.wroc.pl (8.6.12/8.6.9) id QAA02252 for debian-bugs@pixar.com; Fri, 13 Oct 1995 16:55:36 +0100
From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
Message-Id: <199510131555.QAA02252@i17linuxb.ists.pwr.wroc.pl>
Subject: npasswd won't install, and has security problems
To: debian-bugs@pixar.com
Date: Fri, 13 Oct 1995 16:55:33 +0100 (MET)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 905
Package: npasswd
Version: 1.2-8
The npasswd-1.2-8.deb package in "contrib" won't install (at least with
dpkg-1.0.0) - dpkg complains something about bad file format or some such.
No big loss - this version seems to have some fundamental security holes
like strcpy() of user-supplied username without checking if it will fit
in the destination array. Someone else should look at the source to
confirm this, but if this is true, better remove the package and tell
everyone to remove it from their system if anyone managed to install it.
There is a new version, npasswd 2.0, under development, currently only
available for "serious developers". I don't know what is the definition
of a "serious developer" used by the author, I had no success getting
the beta version, maybe someone else will look more serious than me :-).
See http://uts.cc.utexas.edu/~clyde/npasswd.html for more information.
Marek
Message sent:
From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
Subject: Bug#1673 acknowledged by developer (was: npasswd won't install, and has security problems)
References: <9510132225.AA02842@bb29c.mdd.comm.mot.com> <199510131555.QAA02252@i17linuxb.ists.pwr.wroc.pl>
In-Reply-To: <199510131555.QAA02252@i17linuxb.ists.pwr.wroc.pl>
This is an automatic notification regarding your bug report.
Responsibility for it has been taken by one of the developers, namely
mitchell@mdd.comm.mot.com (Bill Mitchell).
You should be hearing from them with a substantive response shortly, if
you have not already done so. If not, please contact them directly,
or email debian-bugs@pixar.com or myself.
Ian Jackson
(maintainer, debian-bugs)
Ian Jackson /
iwj10@thor.cam.ac.uk,
with the debian-bugs tracking mechanism