It appears the CVE-2013-4235 has been fixed in the upstream project, Release: 4.11. Is there any intent by Debian to backport the fix? https://github.com/shadow-maint/shadow/releases/tag/v4.11
Jeff -- *For more information on how and why we collect your personal information, please visit our Privacy Policy <https://www.motorolasolutions.com/en_us/about/privacy-policy.html?elqTrackId=8980d888905940e39a2613a7a3dcb0a7&elqaid=2786&elqat=2#privacystatement>.*
