diff --git a/debian/changelog b/debian/changelog
index 27e607a0..5317dc6d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -82,6 +82,8 @@ shadow (1:4.1.5-1) unstable; urgency=low
   * debian/patches/506_relaxed_usernames: Really check if the user/group
     name starts with a dash. Also forbid names starting with '+' or '~'.
     Document the naming policy in useradd.8 / groupadd.8.
+  * debian/patches/506_relaxed_usernames: Also forbid names containing a
+    comma.
   * debian/patches/901_testsuite_gcov: Do not revert the locale when testing
     with gcov to avoid coverage false negatives. This does not impact the
     debian binary package, only the test package.
@@ -90,7 +92,7 @@ shadow (1:4.1.5-1) unstable; urgency=low
   * Use "linux-any" instead of a negated list of architectures in
     Build-Depends. Closes: #634465
 
- -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>  Sun, 13 Nov 2011 17:26:12 +0100
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>  Sat, 19 Nov 2011 16:08:29 +0100
 
 shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high
 
diff --git a/debian/patches/506_relaxed_usernames b/debian/patches/506_relaxed_usernames
index d36ed67a..3a80e31b 100755
--- a/debian/patches/506_relaxed_usernames
+++ b/debian/patches/506_relaxed_usernames
@@ -3,7 +3,7 @@ Goal: Relaxed usernames/groupnames checking patch.
 Status wrt upstream: Debian specific. Not to be used upstream
 
 Details:
- Allows any non-empty user/grounames that don't contain ':' and '\n'
+ Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
  characters and don't start with '-', '+', or '~'. This patch is more
  restrictive than original Karl's version. closes: #264879
  Also closes: #377844
@@ -35,7 +35,7 @@ Details:
 +	 * portable filename character set [A-Za-z0-9._-], and that the hyphen
 +	 * should not be used as the first character of a portable user name.
 +	 *
-+	 * Allow more relaxed user/group names in Debian -- ^[^-+:~\s][^:\s]*$
++	 * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
 +	 */
 +	if (   ('\0' == *name)
 +	    || ('-'  == *name)
@@ -44,7 +44,7 @@ Details:
 +		return false;
 +	}
 +	do {
-+		if (*name == ':' || isspace(*name)) {
++		if ((':' == *name) || (',' == *name) || isspace(*name)) {
 +			return false;
 +		}
 +		name++;
@@ -54,7 +54,7 @@ Details:
  }
 --- a/man/useradd.8.xml
 +++ b/man/useradd.8.xml
-@@ -618,12 +618,20 @@
+@@ -631,12 +631,20 @@
      </para>
  
      <para>
@@ -67,7 +67,7 @@ Details:
      <para>
 +      On Debian, the only constraints are that usernames must neither start
 +      with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
-+      colon (':') or a whitespace (space: ' ',
++      colon (':'), a comma (','), or a whitespace (space: ' ',
 +      end of line: '\n', tabulation: '\t', etc.). Note that using a slash
 +      ('/') may break the default algorithm for the definition of the
 +      user's home directory.
@@ -78,7 +78,7 @@ Details:
    </refsect1>
 --- a/man/groupadd.8.xml
 +++ b/man/groupadd.8.xml
-@@ -224,12 +224,18 @@
+@@ -237,12 +237,18 @@
     <refsect1 id='caveats'>
       <title>CAVEATS</title>
       <para>
@@ -91,7 +91,7 @@ Details:
       <para>
 +       On Debian, the only constraints are that groupnames must neither start
 +       with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
-+       colon (':') or a whitespace (space:' ',
++       colon (':'), a comma (','), or a whitespace (space:' ',
 +       end of line: '\n', tabulation: '\t', etc.).
 +     </para>
 +     <para>