Format: 1.8 Date: Thu, 19 May 2011 08:44:14 -0400 Source: pam Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc Architecture: i386 all i386_translations Version: 1.1.1-2ubuntu5.2 Distribution: lucid Urgency: low Maintainer: Ubuntu/i386 Build Daemon Changed-By: Marc Deslauriers Description: libpam-cracklib - PAM module to enable cracklib support libpam-doc - Documentation of PAM libpam-modules - Pluggable Authentication Modules for PAM libpam-runtime - Runtime support for the PAM library libpam0g - Pluggable Authentication Modules library libpam0g-dev - Development files for PAM Changes: pam (1.1.1-2ubuntu5.2) lucid-security; urgency=low . * SECURITY UPDATE: multiple issues with lack of adequate privilege dropping - debian/patches/security-dropprivs.patch: introduce new privilege dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*, libpam/include/security/pam_modutil.h, libpam/libpam.map, modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c, modules/pam_xauth/pam_xauth.c. - CVE-2010-3316 - CVE-2010-3430 - CVE-2010-3431 - CVE-2010-3435 - CVE-2010-4706 - CVE-2010-4707 * SECURITY UPDATE: privilege escalation via incorrect environment - debian/patches/CVE-2010-3853.patch: use clean environment in modules/pam_namespace/pam_namespace.c. - CVE-2010-3853 * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it isn't needed for Ubuntu, and it needs to be rewritten to work with the massive privilege refactoring in the security patches. Checksums-Sha1: bcfdb5ad4b355c39117804df4e44682f171d4fe4 124124 libpam0g_1.1.1-2ubuntu5.2_i386.deb a9735f11eb672e101faff36b9cf4ef7613aaa8b2 359462 libpam-modules_1.1.1-2ubuntu5.2_i386.deb 0092bccf7082986936132c2988e3821ca259b487 115180 libpam-runtime_1.1.1-2ubuntu5.2_all.deb 798d9767a47f276fbb4bc65d98d15262b5a39e4d 184654 libpam0g-dev_1.1.1-2ubuntu5.2_i386.deb 1de9e9cf6e0903a5126cb259096a49ee52064117 87366 libpam-cracklib_1.1.1-2ubuntu5.2_i386.deb 7be1e5c3e053fe7fd471c1779ae4db1cb410f126 315214 libpam-doc_1.1.1-2ubuntu5.2_all.deb 3f8a01da921f323e5267d6c75f1f1f2bc4b82524 247383 pam_1.1.1-2ubuntu5.2_i386_translations.tar.gz Checksums-Sha256: 5dba766879982a00641de86a263a14b7bb84d237dad5b3cfc4131928af986c85 124124 libpam0g_1.1.1-2ubuntu5.2_i386.deb 06af3d1d3ef60aedab62f7837d67f2e611e433d5e5dd54194b8f43b23dc2b1f7 359462 libpam-modules_1.1.1-2ubuntu5.2_i386.deb 092d114e58c7d25fdbce6fbbe2681a10784596be8b0c7331d56d36680880fdca 115180 libpam-runtime_1.1.1-2ubuntu5.2_all.deb 04c63e153cf191df2c87d3469072727823f5de4cc201beb410f7d48a12261eb6 184654 libpam0g-dev_1.1.1-2ubuntu5.2_i386.deb 77ad93abecefa3ad3f91f8a6545092b3ec8c521e66d7ba09487297667d5eab04 87366 libpam-cracklib_1.1.1-2ubuntu5.2_i386.deb 3fd0e4b2f9870ce8684b45b7f58bc28beb99693733175d01bfefa2c6bb22a51c 315214 libpam-doc_1.1.1-2ubuntu5.2_all.deb 0c5ecea7b43f7975d0e345ba2055d646161b74d5054fbb6cb417bf6bde26aeaa 247383 pam_1.1.1-2ubuntu5.2_i386_translations.tar.gz Files: c818f297513bda2cb6175baf91a1e2d1 124124 libs required libpam0g_1.1.1-2ubuntu5.2_i386.deb 17599219b7b12d6a6e73a8f68bf85046 359462 admin required libpam-modules_1.1.1-2ubuntu5.2_i386.deb 7bc0fa756ed72beb1a6296e1adc1d671 115180 admin required libpam-runtime_1.1.1-2ubuntu5.2_all.deb fa66ee0c24adad5fd85cd26c16ad4365 184654 libdevel optional libpam0g-dev_1.1.1-2ubuntu5.2_i386.deb 54a53112f91da37a0b2597564d5cee30 87366 admin optional libpam-cracklib_1.1.1-2ubuntu5.2_i386.deb 78c98180e21c518cd9dfc0834d55a7bd 315214 doc optional libpam-doc_1.1.1-2ubuntu5.2_all.deb 04fadd3300ab44c6fa927a654294dce1 247383 raw-translations - pam_1.1.1-2ubuntu5.2_i386_translations.tar.gz Original-Maintainer: Steve Langasek