[ubuntu/lucid-security] pam_1.1.1-2ubuntu5.2_ia64_translations.tar.gz, pam_1.1.1-2ubuntu5.2_sparc_translations.tar.gz (delayed), pam_1.1.1-2ubuntu5.2_i386_translations.tar.gz, pam_1.1.1-2ubuntu5.2_amd64_translations.tar.gz, pam_1.1.1-2ubuntu5.2_powerpc_translations.tar.gz, pam_1.1.1-2ubuntu5.2_armel_translations.tar.gz, pam 1.1.1-2ubuntu5.2 (Accepted)

Mon, 30 May 2011 07:14:21 -0700 

pam (1.1.1-2ubuntu5.2) lucid-security; urgency=low

  * SECURITY UPDATE: multiple issues with lack of adequate privilege
    dropping
    - debian/patches/security-dropprivs.patch: introduce new privilege
      dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
      libpam/include/security/pam_modutil.h, libpam/libpam.map,
      modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
      modules/pam_xauth/pam_xauth.c.
    - CVE-2010-3316
    - CVE-2010-3430
    - CVE-2010-3431
    - CVE-2010-3435
    - CVE-2010-4706
    - CVE-2010-4707
  * SECURITY UPDATE: privilege escalation via incorrect environment
    - debian/patches/CVE-2010-3853.patch: use clean environment in
      modules/pam_namespace/pam_namespace.c.
    - CVE-2010-3853
  * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
    isn't needed for Ubuntu, and it needs to be rewritten to work with the
    massive privilege refactoring in the security patches.

Date: Thu, 19 May 2011 08:44:14 -0400
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/pam/1.1.1-2ubuntu5.2

Format: 1.8
Date: Thu, 19 May 2011 08:44:14 -0400
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib 
libpam-doc
Architecture: source
Version: 1.1.1-2ubuntu5.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Changes: 
 pam (1.1.1-2ubuntu5.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: multiple issues with lack of adequate privilege
     dropping
     - debian/patches/security-dropprivs.patch: introduce new privilege
       dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
       libpam/include/security/pam_modutil.h, libpam/libpam.map,
       modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
       modules/pam_xauth/pam_xauth.c.
     - CVE-2010-3316
     - CVE-2010-3430
     - CVE-2010-3431
     - CVE-2010-3435
     - CVE-2010-4706
     - CVE-2010-4707
   * SECURITY UPDATE: privilege escalation via incorrect environment
     - debian/patches/CVE-2010-3853.patch: use clean environment in
       modules/pam_namespace/pam_namespace.c.
     - CVE-2010-3853
   * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
     isn't needed for Ubuntu, and it needs to be rewritten to work with the
     massive privilege refactoring in the security patches.
Checksums-Sha1: 
 c36bdd761352a59520ed8d22426642444dfa5d6c 2241 pam_1.1.1-2ubuntu5.2.dsc
 f32fe52343d898de21f69d34af105d9554ee77ae 244703 pam_1.1.1-2ubuntu5.2.diff.gz
Checksums-Sha256: 
 71d0cc0889c964c8e3ea27b48d8e0b2393ff1e1b2525ac253ffdbe50dcfed872 2241 
pam_1.1.1-2ubuntu5.2.dsc
 e79f313d13a41820b8632e281270e4c9ce329affca8a5adfbb9f9465cfbbd0b9 244703 
pam_1.1.1-2ubuntu5.2.diff.gz
Files: 
 42bcb5d6760e9133f987074a0fb53d14 2241 libs optional pam_1.1.1-2ubuntu5.2.dsc
 7339405295e11e2485df59895a8965f8 244703 libs optional 
pam_1.1.1-2ubuntu5.2.diff.gz
Original-Maintainer: Steve Langasek <vor...@debian.org>

-- 
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/lucid-changes

Reply via email to