Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.6) - use target "stable
A candidate CVE has been assigned: 2012-2350
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Attaching a debdiff between the 0.9.2-3.2 and the fixed 0.9.2-3.3
pam-shield_0.9.2-3.2-to-3.3.debdiff
Description: Binary data
I have backported and tested the fix, RFS is #662076. Note that it
still won't do anything without "auth optional pam_shield.so" at the
top of common-auth, but it will block with that. Still working on
upstream and then bringing in the latest from there, shouldn't be too
long.
Thanks to Laurentiu
Sorry, I forgot the link to the bugfix [1]
[1]
https://github.com/walterdejong/pam_shield/commit/afa7b246018787fe6028289c414c33292641e1e0
On 2/6/12 10:47 , Laurentiu Pancescu wrote:
Package: libpam-shield
Version: 0.9.2-3.2 Severity: grave
Tags: security
With allow_missing_dns and allow_miss
Package: libpam-shield
Version: 0.9.2-3.2
Severity: grave
Tags: security
With allow_missing_dns and allow_missing_reverse set to "no" (default
configuration in Squeeze), pam_shield doesn't take any action
whatsoever, besides logging the IP. If I set both variables to "yes",
the IPs are null-
6 matches
Mail list logo
