pam (0.99.7.1-5ubuntu6.3) hardy-security; urgency=low
* SECURITY UPDATE: denial of service or privilege escalation via
- debian/patches/CVE-2009-0887.patch: fix signedness error in
* SECURITY UPDATE: multiple issues with lack of adequate privilege
- debian/patches/security-dropprivs.patch: introduce new privilege
dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
* SECURITY UPDATE: privilege escalation via incorrect environment
- debian/patches/CVE-2010-3853.patch: use clean environment in
* debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
isn't needed for Ubuntu, and it needs to be rewritten to work with the
massive privilege refactoring in the security patches.
* debian/control: added Pre-Depends to libpam-modules so it won't get
updated without pulling in the updated libpam0g.
-- Marc Deslauriers <email address hidden> Wed, 25 May 2011 10:16:14 -0400