diff -Nru systemd-204/debian/changelog systemd-204/debian/changelog
--- systemd-204/debian/changelog 2018-11-09 15:20:41.000000000 +0000
+++ systemd-204/debian/changelog 2019-03-07 16:30:13.000000000 +0000
@@ -1,3 +1,13 @@
+systemd (204-5ubuntu20.31) trusty-security; urgency=medium
+
+ * SECURITY UDPATE: Unsafe environment usage in pam_systemd.so leads to
+ incorrect Policykit authorization
+ - debian/patches/CVE-2019-3842.patch: Use secure_getenv() rather than
+ getenv() in pam_systemd.c
+ - CVE-2019-3842
+
+ -- Chris Coulson Thu, 07 Mar 2019 16:30:13 +0000
+
 systemd (204-5ubuntu20.29) trusty; urgency=medium
 
 * d/p/0001-udev-build-by-path-identifiers-for-ATA-devices.patch
diff -Nru systemd-204/debian/patches/CVE-2019-3842.patch systemd-204/debian/patches/CVE-2019-3842.patch
--- systemd-204/debian/patches/CVE-2019-3842.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-204/debian/patches/CVE-2019-3842.patch 2019-03-07 16:30:13.000000000 +0000
@@ -0,0 +1,25 @@
+--- a/src/login/pam-module.c
++++ b/src/login/pam-module.c
+@@ -424,11 +424,11 @@
+
+ seat = pam_getenv(handle, "XDG_SEAT");
+ if (isempty(seat))
+- seat = getenv("XDG_SEAT");
++ seat = secure_getenv("XDG_SEAT");
+
+ cvtnr = pam_getenv(handle, "XDG_VTNR");
+ if (isempty(cvtnr))
+- cvtnr = getenv("XDG_VTNR");
++ cvtnr = secure_getenv("XDG_VTNR");
+
+ service = strempty(service);
+ tty = strempty(tty);
+@@ -477,7 +477,7 @@
+
+ class = pam_getenv(handle, "XDG_SESSION_CLASS");
+ if (isempty(class))
+- class = getenv("XDG_SESSION_CLASS");
++ class = secure_getenv("XDG_SESSION_CLASS");
+ if (isempty(class))
+ class = class_pam;
+ if (isempty(class))
diff -Nru systemd-204/debian/patches/series systemd-204/debian/patches/series
--- systemd-204/debian/patches/series 2018-11-09 14:53:10.000000000 +0000
+++ systemd-204/debian/patches/series 2019-03-07 16:30:13.000000000 +0000
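Review bot: In debian/patches/CVE-2019-3842.patch both inner hunks harden only the process-environment fallback; the value that `pam_getenv(handle, "XDG_SEAT")` returns first (likewise for `XDG_VTNR` and `XDG_SESSION_CLASS`) is still accepted unchanged. secure_getenv() returns NULL only when the process runs in secure-execution mode, so the change covers the set-user-ID caller described in the changelog, but not a PAM stack in which an earlier module fills the PAM environment from user-writable data. Whether that applies depends on the stack configuration, which this diff does not show, so I would record the assumption next to each lookup, e.g. `/* PAM environment is trusted here: no module that imports user-controlled variables may run before pam_systemd */`. The patch file also begins directly at `--- a/src/login/pam-module.c` with no description or origin header, so the upstream commit it was taken from cannot be traced from the package. The enclosing function starts and ends outside both hunks.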
@@ -42,3 +42,4 @@
 CVE-2018-1049.patch
 logind-fix-small-memleaks.patch
 0001-udev-build-by-path-identifiers-for-ATA-devices.patch
+CVE-2019-3842.patch