Your message dated Thu, 30 Aug 2007 19:47:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#439611: fixed in libpam-mount 0.18-7
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libpam-mount
Version: 0.18-6
Severity: normal
*** Please type your report below this line ***
If the pam_mount module asks directly for a password (i.e. is the first
module to require the password), the prompt spells "password:".
However, the usual Linux password prompt spells "Password:". This
difference can be used to determine if a host uses pam_mount.
Additionally - as there are quite few systems using pam_mount - this
behaviour can be used to identify a certain system.
I don't think this is a severe security risk, but it's certainly more than
just a typo.
The wrong spelling can be found in pam_mount.c, line 256 (patched file).
Cheers,
Raphael
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22.1-mactel (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
~
--- End Message ---
--- Begin Message ---
Source: libpam-mount
Source-Version: 0.18-7
We believe that the bug you reported is fixed in the latest version of
libpam-mount, which is due to be installed in the Debian FTP archive:
libpam-mount_0.18-7.diff.gz
to pool/main/libp/libpam-mount/libpam-mount_0.18-7.diff.gz
libpam-mount_0.18-7.dsc
to pool/main/libp/libpam-mount/libpam-mount_0.18-7.dsc
libpam-mount_0.18-7_i386.deb
to pool/main/libp/libpam-mount/libpam-mount_0.18-7_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Kleineidam <[EMAIL PROTECTED]> (supplier of updated libpam-mount
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 09 Aug 2007 12:19:45 +0200
Source: libpam-mount
Binary: libpam-mount
Architecture: source i386
Version: 0.18-7
Distribution: unstable
Urgency: low
Maintainer: Bastian Kleineidam <[EMAIL PROTECTED]>
Changed-By: Bastian Kleineidam <[EMAIL PROTECTED]>
Description:
libpam-mount - PAM module that can mount volumes for a user session
Closes: 439611 439703
Changes:
libpam-mount (0.18-7) unstable; urgency=low
.
* Adjust debian/watch file to use tar.bz2 instead of the older .tbz2
extension.
* Use "Password:" as default password prompt, just like login(1) and
other text-based login programs. (Closes: #439611)
* Don't build a loop device on top of a loop device. This happens
when the "loop" option is used. (Closes: #439703)
Files:
5173edabadbcf42118072a137f7f4e32 661 admin extra libpam-mount_0.18-7.dsc
a135161ea24a028fc03824898d2c5a08 20180 admin extra libpam-mount_0.18-7.diff.gz
b06120a25d2f64e35f06e6a1fef928a5 91902 admin extra libpam-mount_0.18-7_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG1xq3eBwlBDLsbz4RAnCCAKCP1zq5tryO5H33XFYWnf8eGnWO1wCfdqSC
3mhaMPjivr1QrDzIl1bE4xw=
=sxgh
-----END PGP SIGNATURE-----
--- End Message ---
