Format: 1.8 Date: Thu, 19 May 2011 08:42:33 -0400 Source: pam Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc Architecture: amd64 amd64_translations Version: 1.1.1-4ubuntu2.2 Distribution: maverick Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Marc Deslauriers Description: libpam-cracklib - PAM module to enable cracklib support libpam-doc - Documentation of PAM libpam-modules - Pluggable Authentication Modules for PAM libpam-runtime - Runtime support for the PAM library libpam0g - Pluggable Authentication Modules library libpam0g-dev - Development files for PAM Changes: pam (1.1.1-4ubuntu2.2) maverick-security; urgency=low . * SECURITY UPDATE: multiple issues with lack of adequate privilege dropping - debian/patches/security-dropprivs.patch: introduce new privilege dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*, libpam/include/security/pam_modutil.h, libpam/libpam.map, modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c, modules/pam_xauth/pam_xauth.c. - CVE-2010-3316 - CVE-2010-3430 - CVE-2010-3431 - CVE-2010-3435 - CVE-2010-4706 - CVE-2010-4707 * SECURITY UPDATE: privilege escalation via incorrect environment - debian/patches/CVE-2010-3853.patch: use clean environment in modules/pam_namespace/pam_namespace.c. - CVE-2010-3853 * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it isn't needed for Ubuntu, and it needs to be rewritten to work with the massive privilege refactoring in the security patches. Checksums-Sha1: fed249cc3757c96d6da5eb71c49df732b7b166eb 96140 libpam0g_1.1.1-4ubuntu2.2_amd64.deb 41e7da9503712511e39c4b063bdc0df8f93c4b70 338644 libpam-modules_1.1.1-4ubuntu2.2_amd64.deb 40f4978cbbb24b0eeaa1a0e535308374eb0c270c 159294 libpam0g-dev_1.1.1-4ubuntu2.2_amd64.deb 77db8c9082c331ea54c4f05941e6f3692e283cc9 56920 libpam-cracklib_1.1.1-4ubuntu2.2_amd64.deb 4f52d1837b51cd5c870d9a1398c385d1898fb231 140458 pam_1.1.1-4ubuntu2.2_amd64_translations.tar.gz Checksums-Sha256: da80da0a4b29639112d74fdf96870dd037f4db440df47989f864240c192bd8ee 96140 libpam0g_1.1.1-4ubuntu2.2_amd64.deb 477c5232c7dbe5bba51fbaf46dc1c5c02988301d7022b8437dd5956a5858bf2b 338644 libpam-modules_1.1.1-4ubuntu2.2_amd64.deb 2c7f4db47a79d64f208a0609423224ed891f709af161fa45a30f66eb5d6b91f4 159294 libpam0g-dev_1.1.1-4ubuntu2.2_amd64.deb 821583dca2faab8373c8f333a904b0b6a4a3823004a3472dfa683b1efd156d46 56920 libpam-cracklib_1.1.1-4ubuntu2.2_amd64.deb dad57b21d26b8087342acf2fd1c11fa17a79931d49a6db0afacc897fa1374525 140458 pam_1.1.1-4ubuntu2.2_amd64_translations.tar.gz Files: e8add40a36d8493fd13601f46863f559 96140 libs required libpam0g_1.1.1-4ubuntu2.2_amd64.deb 2c5c3319b172d9e16556df05357491d7 338644 admin required libpam-modules_1.1.1-4ubuntu2.2_amd64.deb 56484637493f97909625bf67aa91d363 159294 libdevel optional libpam0g-dev_1.1.1-4ubuntu2.2_amd64.deb 465ad4658198ea7c7bc1c7112e5db33c 56920 admin optional libpam-cracklib_1.1.1-4ubuntu2.2_amd64.deb 44ef05ac2609aaaa41d95c4b9833c7cf 140458 raw-translations - pam_1.1.1-4ubuntu2.2_amd64_translations.tar.gz Original-Maintainer: Steve Langasek