Format: 1.8 Date: Thu, 19 May 2011 08:40:22 -0400 Source: pam Binary: libpam0g libpam-modules libpam-modules-bin libpam-runtime libpam0g-dev libpam-cracklib libpam-doc Architecture: i386 all i386_translations Version: 1.1.2-2ubuntu8.2 Distribution: natty Urgency: low Maintainer: Ubuntu/i386 Build Daemon Changed-By: Marc Deslauriers Description: libpam-cracklib - PAM module to enable cracklib support libpam-doc - Documentation of PAM libpam-modules - Pluggable Authentication Modules for PAM libpam-modules-bin - Pluggable Authentication Modules for PAM - helper binaries libpam-runtime - Runtime support for the PAM library libpam0g - Pluggable Authentication Modules library libpam0g-dev - Development files for PAM Changes: pam (1.1.2-2ubuntu8.2) natty-security; urgency=low . * SECURITY UPDATE: multiple issues with lack of adequate privilege dropping - debian/patches/security-dropprivs.patch: introduce new privilege dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*, libpam/include/security/pam_modutil.h, libpam/libpam.map, modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c, modules/pam_xauth/pam_xauth.c. - CVE-2010-3430 - CVE-2010-3431 - CVE-2010-3435 - CVE-2010-4706 - CVE-2010-4707 * SECURITY UPDATE: privilege escalation via incorrect environment - debian/patches/CVE-2010-3853.patch: use clean environment in modules/pam_namespace/pam_namespace.c. - CVE-2010-3853 * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it isn't needed for Ubuntu, and it needs to be rewritten to work with the massive privilege refactoring in the security patches. Checksums-Sha1: 05eb2831023bf5ecbd9e138899067bfebca7b83a 51574 libpam0g_1.1.2-2ubuntu8.2_i386.deb ead471517f7df3bde67d71a6634b1991e04d3e03 262904 libpam-modules_1.1.2-2ubuntu8.2_i386.deb fc5bf6466743a471617a617a79945b8f46f8716b 34292 libpam-modules-bin_1.1.2-2ubuntu8.2_i386.deb 7cecca54f2f9a123cb476b7843d588b8d0a71760 42060 libpam-runtime_1.1.2-2ubuntu8.2_all.deb 4aee12deb64a299021bb70caca624a7d2375eae4 119560 libpam0g-dev_1.1.2-2ubuntu8.2_i386.deb 7ebcda1c13519c99030239c50245b6b562464748 16576 libpam-cracklib_1.1.2-2ubuntu8.2_i386.deb be5bb1b98ad0ccf7a8bbc2cd1e18c2ac638860fc 245100 libpam-doc_1.1.2-2ubuntu8.2_all.deb 50c115596331bcdddf9859856c7bf31753e02329 249060 pam_1.1.2-2ubuntu8.2_i386_translations.tar.gz Checksums-Sha256: eedff590ee5d8e57dd5145694b01645208f8c7a186d6d60fcccc2d1e03a00da6 51574 libpam0g_1.1.2-2ubuntu8.2_i386.deb 7bed82ca7c1640bc0ff6d610f31569519bc4e3cb0d0faad694604e8d7beae0c8 262904 libpam-modules_1.1.2-2ubuntu8.2_i386.deb 911e350f9a15518722050b29930cc6a2849b3d39d9d9f66713225805dfc73fdd 34292 libpam-modules-bin_1.1.2-2ubuntu8.2_i386.deb 2c86dd52d1b4e59982375a37ab92b5b1dbbf017e86910f590dd8ba49c71083be 42060 libpam-runtime_1.1.2-2ubuntu8.2_all.deb 3fd70df44b24147d99eceb6d6731712cfdf6abfb545eed9fa40046acce94baa4 119560 libpam0g-dev_1.1.2-2ubuntu8.2_i386.deb 3f28ea63d00b46995dbafc78653ccc869761b0937481aab86983588ceca589ef 16576 libpam-cracklib_1.1.2-2ubuntu8.2_i386.deb 1144b49b488ac76708ce0339d937385a0072a248b4db2bb3837a79e420ccb60d 245100 libpam-doc_1.1.2-2ubuntu8.2_all.deb fbd94a4dfe6b5b4cdcbaede08b80761d5293a8e80bc86d7c6f9fc2c2396ba19e 249060 pam_1.1.2-2ubuntu8.2_i386_translations.tar.gz Files: 349fe14be4116062abee882c8f253b42 51574 libs required libpam0g_1.1.2-2ubuntu8.2_i386.deb c38123bd621cfd349e6b12a8ca84e32f 262904 admin required libpam-modules_1.1.2-2ubuntu8.2_i386.deb a7ad94226dd8bf0c50e08af87e555295 34292 admin required libpam-modules-bin_1.1.2-2ubuntu8.2_i386.deb 0dfd46e7bd801c4c3323b7ea436aba2f 42060 admin required libpam-runtime_1.1.2-2ubuntu8.2_all.deb 84e9cb6bff115abff901d3c2a1307b87 119560 libdevel optional libpam0g-dev_1.1.2-2ubuntu8.2_i386.deb 008bc0686761ba484183d7340a31a073 16576 admin optional libpam-cracklib_1.1.2-2ubuntu8.2_i386.deb e1af2a1d4ba6cdfa3fe7971fbee7ee26 245100 doc optional libpam-doc_1.1.2-2ubuntu8.2_all.deb a609ce5d932b8f85b372e4c0ce0875d0 249060 raw-translations - pam_1.1.2-2ubuntu8.2_i386_translations.tar.gz Original-Maintainer: Steve Langasek