Source: pam-python
Version: 1.0.6-1.1
Severity: important

Hi,

pam-python is affected by the following security issue:

CVE-2019-16729[0]:
"pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups."

Russell: I see that you are also upstream of pam-python.

This vulnerability was fixed in sid via 1.0.7-1 but since this is a local root exploit, we should probably backport fixes for stable releases.

However I am struggling to find precise information about this issue and can't assess the severity properly. Could you provide some more information related to this vulnerability? An isolated patch would be ideal.

Thanks!

Regards,
Hugo

[0] https://security-tracker.debian.org/tracker/CVE-2019-16729

--
Hugo Lefeuvre (hle) | www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C