Add fix for CVE 2008-6792 and another related bug in do_get_use_md5().

 -- James Westby <james.westby@canonical.com>
 -- Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>

--- system-tools-backends-2.6.0.orig/Users/Users.pm	2008-03-09 13:21:45.000000000 +0000
+++ system-tools-backends-2.6.0/Users/Users.pm	2009-05-18 15:41:15.246049271 +0000
@@ -286,13 +286,14 @@
 
     if ($line[0] eq "\@include")
     {
-      $use_md5 = &do_get_use_md5 ($line[1]);
+      $use_md5 |= &do_get_use_md5 ($line[1]);
     }
     elsif ($line[0] eq "password")
     {
       foreach $i (@line)
       {
         $use_md5 = 1 if ($i eq "md5");
+        $use_md5 = 1 if ($i =~ /^sha\d+/);
       }
     }
   }