* Solar Designer <solar@openwall.com> [011023 09:29]: > least one PAM'ified version of su(1) is suitable for the attack: the > one that is included in the shadow suite and used on Debian. I also On debian unstable/testing, the 'shadow-login' package does not exist, and only the 'login' package exists. AFAIK, this only has the PAM-based su in it. On Progeny's newton release, this is also true. On debian potato, it appears that the su there is also from pam. Could you please cite the version of Debian next time? Your the second person this month I've had to remind of this. Hence, I believe the statment is refrencing a older version of stable, users of 'stale' stable distributions should be advised that security updates aren't given for anything but the 'current' stable version, and that they should upgrade to potato. -- Scott Dier <dieman@ringworld.org> <sdier@debian.org> http://www.ringworld.org/ #linuxos@irc.openprojects.net Just say NO to Product Activation!
