[ubuntu/jaunty] libpam-krb5 3.13-2ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Wed Mar 4 03:05:24 GMT 2009
libpam-krb5 (3.13-2ubuntu1) jaunty; urgency=low
* Merge from Debian unstable, remaining changes:
- debian/{pam-auth-update,postinst,prerm}, debian/rules, debian/dirs:
enable pam_krb5 by default using the new pam-auth-update support.
- debian/control: depend on libpam-runtime (>= 1.0.1-6) for the
above.
* Logging is now done with the LOG_AUTHPRIV facility. LP: #227531.
libpam-krb5 (3.13-2) unstable; urgency=low
* Upload to unstable.
libpam-krb5 (3.13-1) experimental; urgency=high
* New upstream release.
- SECURITY (CVE-2009-0360): If invoked in a setuid context, ignore
user environment variables that specify the local keytab and
Kerberos configuration. Protects against a privilege escalation
vulnerability.
- SECURITY (CVE-2009-0361): Protect against applications calling
pam_setcred with PAM_REINITIALIZE_CREDS as root in a setuid
context. This API call is designed to reinitialize an existing
Kerberos ticket cache and therefore trusts the KRB5CCNAME
environment variable, but in a setuid context, this may allow
overwriting arbitrary files.
* Install the upstream NEWS file as an upstream changelog.
* Add ${misc:Depends} to the package dependencies.
* Improve wording for the GPL pointer. The package may be distributed
under any version of the GPL.
libpam-krb5 (3.12-1) experimental; urgency=low
* New upstream release.
- New alt_auth_map, force_alt_auth, and only_alt_auth options to map
usernames to alternative Kerberos principals for authentication.
- Log to authpriv, not auth.
- Correctly log an exit status of ignore during debugging.
- Document ssh session requirement. (Closes: #492039)
- Document ignore handling with [] actions. (Closes: #492379)
* Update to debhelper compatibility mode V7.
- Use debhelper rule minimization except for configure.
- Let the upstream Makefile do the installation.
* Remove NEWS.Debian, only of interest in upgrades from sarge.
Date: Wed, 04 Mar 2009 02:54:58 +0000
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/jaunty/+source/libpam-krb5/3.13-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 04 Mar 2009 02:54:58 +0000
Source: libpam-krb5
Binary: libpam-krb5
Architecture: source
Version: 3.13-2ubuntu1
Distribution: jaunty
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description:
libpam-krb5 - PAM module for MIT Kerberos
Closes: 492039 492379
Launchpad-Bugs-Fixed: 227531
Changes:
libpam-krb5 (3.13-2ubuntu1) jaunty; urgency=low
.
* Merge from Debian unstable, remaining changes:
- debian/{pam-auth-update,postinst,prerm}, debian/rules, debian/dirs:
enable pam_krb5 by default using the new pam-auth-update support.
- debian/control: depend on libpam-runtime (>= 1.0.1-6) for the
above.
* Logging is now done with the LOG_AUTHPRIV facility. LP: #227531.
.
libpam-krb5 (3.13-2) unstable; urgency=low
.
* Upload to unstable.
.
libpam-krb5 (3.13-1) experimental; urgency=high
.
* New upstream release.
- SECURITY (CVE-2009-0360): If invoked in a setuid context, ignore
user environment variables that specify the local keytab and
Kerberos configuration. Protects against a privilege escalation
vulnerability.
- SECURITY (CVE-2009-0361): Protect against applications calling
pam_setcred with PAM_REINITIALIZE_CREDS as root in a setuid
context. This API call is designed to reinitialize an existing
Kerberos ticket cache and therefore trusts the KRB5CCNAME
environment variable, but in a setuid context, this may allow
overwriting arbitrary files.
* Install the upstream NEWS file as an upstream changelog.
* Add ${misc:Depends} to the package dependencies.
* Improve wording for the GPL pointer. The package may be distributed
under any version of the GPL.
.
libpam-krb5 (3.12-1) experimental; urgency=low
.
* New upstream release.
- New alt_auth_map, force_alt_auth, and only_alt_auth options to map
usernames to alternative Kerberos principals for authentication.
- Log to authpriv, not auth.
- Correctly log an exit status of ignore during debugging.
- Document ssh session requirement. (Closes: #492039)
- Document ignore handling with [] actions. (Closes: #492379)
* Update to debhelper compatibility mode V7.
- Use debhelper rule minimization except for configure.
- Let the upstream Makefile do the installation.
* Remove NEWS.Debian, only of interest in upgrades from sarge.
Checksums-Sha1:
a186aaeb6ef0148ff11c616e13a30b565efa6335 1318 libpam-krb5_3.13-2ubuntu1.dsc
846bdda11fe473d838dfe2644ce84c98fa647580 158726 libpam-krb5_3.13.orig.tar.gz
a638174fc321822a04ad963fc22c13c633b94abc 13793 libpam-krb5_3.13-2ubuntu1.diff.gz
Checksums-Sha256:
88a0bd773b93b4e6f397a0a685f6c081471cd5bf52e8fbfc7c0f45b31eecc9de 1318 libpam-krb5_3.13-2ubuntu1.dsc
298fa3c02070d72d7fc6ef1f74fd898f6c6a0637169297be9d39b00847fdfcc8 158726 libpam-krb5_3.13.orig.tar.gz
e1d81479f5370848f1f51a8381d1fab5b083e9f7631cf37065ed8afc43b184e4 13793 libpam-krb5_3.13-2ubuntu1.diff.gz
Files:
7ec255589bbaa8a104615a67ea0e4671 1318 net optional libpam-krb5_3.13-2ubuntu1.dsc
1f69a491c45ce76065fc8055b1a7be37 158726 net optional libpam-krb5_3.13.orig.tar.gz
83e286675ce6fd6be29ef934f8da533c 13793 net optional libpam-krb5_3.13-2ubuntu1.diff.gz
Original-Maintainer: Russ Allbery <rra at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJre+EKN6ufymYLloRAh/MAJ9J4gotedktfd5FYMMEy8IHRKj/5QCgm/g7
Grgcn5adfccfj3hfdzIgBvM=
=kTSu
-----END PGP SIGNATURE-----
More information about the Jaunty-changes
mailing list