[ubuntu/oneiric-security] pam_1.1.3-2ubuntu2.1_amd64_translations.tar.gz, pam_1.1.3-2ubuntu2.1_i386_translations.tar.gz, pam, pam_1.1.3-2ubuntu2.1_armel_translations.tar.gz, pam_1.1.3-2ubuntu2.1_powerpc_translations.tar.gz 1.1.3-2ubuntu2.1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Oct 24 19:03:31 UTC 2011
pam (1.1.3-2ubuntu2.1) oneiric-security; urgency=low
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/pam_env.c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches-applied/update-motd: updated to use clean environment
and absolute paths in modules/pam_motd/pam_motd.c.
- CVE-2011-XXXX
Date: Tue, 18 Oct 2011 09:33:47 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/pam/1.1.3-2ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Tue, 18 Oct 2011 09:33:47 -0400
Source: pam
Binary: libpam0g libpam-modules libpam-modules-bin libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source
Version: 1.1.3-2ubuntu2.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libpam-cracklib - PAM module to enable cracklib support
libpam-doc - Documentation of PAM
libpam-modules - Pluggable Authentication Modules for PAM
libpam-modules-bin - Pluggable Authentication Modules for PAM - helper binaries
libpam-runtime - Runtime support for the PAM library
libpam0g - Pluggable Authentication Modules library
libpam0g-dev - Development files for PAM
Launchpad-Bugs-Fixed: 874469 874565
Changes:
pam (1.1.3-2ubuntu2.1) oneiric-security; urgency=low
.
* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/pam_env.c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches-applied/update-motd: updated to use clean environment
and absolute paths in modules/pam_motd/pam_motd.c.
- CVE-2011-XXXX
Checksums-Sha1:
69bdb3697e4294e5b4a28b0e39f7d586ec855e5d 2260 pam_1.1.3-2ubuntu2.1.dsc
e11f9385a91a414739416258a5d6c6249e3c2c4b 285759 pam_1.1.3-2ubuntu2.1.diff.gz
Checksums-Sha256:
f6214d51b14500496a9e21967323c13888ef4f24ac64c5c7380affbddc22bcb7 2260 pam_1.1.3-2ubuntu2.1.dsc
c1885332f6e0aa332ac65d4e43a011367c2490f31c1f41c7f9985dbf59475502 285759 pam_1.1.3-2ubuntu2.1.diff.gz
Files:
4361461f0fd0a3a0250c7c2a4b130883 2260 libs optional pam_1.1.3-2ubuntu2.1.dsc
0f10c39785d1143c4e3509f971694407 285759 libs optional pam_1.1.3-2ubuntu2.1.diff.gz
Original-Maintainer: Steve Langasek <vorlon at debian.org>
More information about the Oneiric-changes
mailing list