Comment 4 for bug 1487103

This bug was fixed in the package pam - 1.1.8-3.6ubuntu1

---------------
pam (1.1.8-3.6ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable.
    - Fixes unescaped brace in pam_getenv regex. LP: #1538284.
    - Fixes pam_namespace defaults for compatibility with dash. LP: #1081323.
  * Remaining changes:
    - debian/control: have libpam-modules recommend update-motd package
    - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's
      not present there or in /etc/security/pam_env.conf. (should send to
      Debian).
    - debian/libpam0g.postinst: only ask questions during update-manager when
      there are non-default services running.
    - debian/libpam0g.postinst: check if gdm is actually running before
      trying to reload it.
    - debian/libpam0g.postinst: the init script for 'samba' is now named
      'smbd' in Ubuntu, so fix the restart handling.
    - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly
      initialise RLIMIT_NICE rather than relying on the kernel limits.
    - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch:
      Deprecate pam_unix's explicit "usergroups" option and instead read it
      from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined
      there. This restores compatibility with the pre-PAM behaviour of login.
    - debian/patches-applied/pam_motd-legal-notice: display the contents of
      /etc/legal once, then set a flag in the user's homedir to prevent
      showing it again.
    - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
      for update-motd, with some best practices and notes of explanation.
    - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8)
      to update-motd(5)
    - debian/local/common-session{,-noninteractive}: Enable pam_umask by
      default, now that the umask setting is gone from /etc/profile.
    - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition.
    - debian/patches-applied/extrausers.patch: Add a pam_extrausers module
      that is basically just a copy of pam_unix but looks at
      /var/lib/extrausers/{group,passwd,shadow} instead of /etc/
    - debian/libpam-modules-bin.install: install the helper binaries for
      pam_extrausers to /sbin
    - debian/rules: Make pam_extrausers_chkpwd sguid shadow
    - pam-configs/mkhomedir: Added a config for pam_mkhomedir, disabled
      by default.
    - don't notify about xdm restarts during a release-upgrade
    - debian/patches-applied/cve-2015-3238.patch: removed manpage changes
      so they don't get regenerated during build and cause a multiarch
      installation issue.
  * Dropped changes, included in Debian:
    - Build-depend on libfl-dev.
    - debian/patches-applied/pam-limits-nofile-fd-setsize-cap: cap the default
      soft nofile limit read from pid 1 to FD_SETSIZE.
  * Fix references to /var/run in update-motd.5. LP: #1571864
  * Fix service restart handling to integrate with systemd instead of
    upstart.

pam (1.1.8-3.6) unstable; urgency=medium

  * Non-maintainer upload.
  * cve-2015-3238.patch: Add the changes in the generated pam_exec.8
    and pam_unix.8 in addition to (and after) the changes to the
    source .xml files. This avoids unwanted rebuilds that can cause
    problems due to differing files on different architectures of
    the Multi-Arch: same libpam-modules. (Closes: #851545)

pam (1.1.8-3.5) unstable; urgency=medium

  * Non-maintainer upload.
  * Build-Depend on libfl-dev:native as well, for cross builds.
    Re-closes: #846459
  * Fix "Unescaped left brace in regex" with Perl 5.22. Closes: #810873

pam (1.1.8-3.4) unstable; urgency=medium

  * Non-maintainer upload.
  * Add libfl-dev to Build-Depends, fixing FTBFS. Closes: #846459
  * Move xsl stuff to Build-Depends from -Indep to fix misbuilt manpages.
    Closes: #812566

pam (1.1.8-3.3) unstable; urgency=low

  * Non-maintainer upload.
  [ Steve Langasek ]
  * Updated Swedish translation to correct a typo, thanks to Anders Jonsson
    and Martin Bagge. Closes: #743875
  * Updated Turkish translation, thanks to Mert Dirik <email address hidden>.
    (closes: #756756)
  * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default
    soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak
    <email address hidden> for the patch. Closes: #783105.
  * Acknowledge security NMU.
  * pam-auth-update: don't mishandle trailing whitespace in profiles.
    LP: #1487103.

  [ Laurent Bigonville ]
  * debian/control: Fix Vcs-* and Homepage fields (Closes: #752343)
  * debian/watch: Update watch file and point it to http://www.linux-pam.org
  * debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in
    namespace.init script (Closes: #624842)
  * debian/control: Build-depends against debhelper (>= 9) to match the
    defined debhelper compatibility
  * Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality,
    thanks to Jakub Wilk <email address hidden> for noticing (Closes: #761594)
  * debian/control: Bump Standards-Version to 3.9.8 (no further changes)
  * debian/libpam-doc.doc-base.applications-guide: Fix spelling
  * debian/libpam0g-dev.examples: Do not use shell brace expansion
  * debian/patches-applied/pam-loginuid-in-containers: Updated with the version
    from Ubuntu, this should fix logins in containers (Closes: #726661)
  * debian/patches-applied/update-motd: Updated with the version from Ubuntu:
    use /run/motd.dynamic instead of /var/run/motd, nothing in the archive
    uses the later (Closes: #743286)
  * debian/patches-applied/make_documentation_reproducible.patch: Make the
    build reproducible, removes differences when building with different
    locale values (Closes: #792127)

 -- Steve Langasek <email address hidden> Thu, 26 Oct 2017 23:23:18 -0700