[ubuntu/maverick-security] pam_1.1.1-4ubuntu2.4_powerpc_translations.tar.gz, pam_1.1.1-4ubuntu2.4_amd64_translations.tar.gz, pam_1.1.1-4ubuntu2.4_i386_translations.tar.gz, pam, pam_1.1.1-4ubuntu2.4_armel_translations.tar.gz 1.1.1-4ubuntu2.4 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Oct 24 19:04:14 UTC 2011
pam (1.1.1-4ubuntu2.4) maverick-security; urgency=low
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/pam_env.c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches-applied/update-motd: updated to use clean environment
and absolute paths in modules/pam_motd/pam_motd.c.
- CVE-2011-XXXX
Date: Tue, 18 Oct 2011 10:05:50 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/pam/1.1.1-4ubuntu2.4
-------------- next part --------------
Format: 1.8
Date: Tue, 18 Oct 2011 10:05:50 -0400
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.1-4ubuntu2.4
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libpam-cracklib - PAM module to enable cracklib support
libpam-doc - Documentation of PAM
libpam-modules - Pluggable Authentication Modules for PAM
libpam-runtime - Runtime support for the PAM library
libpam0g - Pluggable Authentication Modules library
libpam0g-dev - Development files for PAM
Launchpad-Bugs-Fixed: 874469 874565
Changes:
pam (1.1.1-4ubuntu2.4) maverick-security; urgency=low
.
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/pam_env.c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches-applied/update-motd: updated to use clean environment
and absolute paths in modules/pam_motd/pam_motd.c.
- CVE-2011-XXXX
Checksums-Sha1:
b6f2ec5514f9ac5bc61996a5250404071e19b2a8 2241 pam_1.1.1-4ubuntu2.4.dsc
0ff3d5157b772c160645ce6400abf7cf74a5bb54 269580 pam_1.1.1-4ubuntu2.4.diff.gz
Checksums-Sha256:
75627a065e5564447d029bebca192e2b625558752bd303a289ae9a568017f7ed 2241 pam_1.1.1-4ubuntu2.4.dsc
520ee02fa2da1e69ce8d8c7c66ab831e7e88cbfb182eb86b7d1526da39c42ed5 269580 pam_1.1.1-4ubuntu2.4.diff.gz
Files:
67a479881c6cdd11becfcad775ad5893 2241 libs optional pam_1.1.1-4ubuntu2.4.dsc
3ea92719a5d30be039ac92dfe4eb42ec 269580 libs optional pam_1.1.1-4ubuntu2.4.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
More information about the Maverick-changes
mailing list