diff -Nru qa-regression-testing-0.1450~natty1/debian/bzr-builder.manifest qa-regression-testing-0.1455~natty1/debian/bzr-builder.manifest --- qa-regression-testing-0.1450~natty1/debian/bzr-builder.manifest 2011-10-24 03:20:13.000000000 +0000 +++ qa-regression-testing-0.1455~natty1/debian/bzr-builder.manifest 2011-10-25 08:09:20.000000000 +0000 @@ -1,2 +1,2 @@ -# bzr-builder format 0.3 deb-version 0.1450 -lp:qa-regression-testing revid:marc.deslauriers@canonical.com-20111023231132-01w9vw67y8rj3lzc +# bzr-builder format 0.3 deb-version 0.1455 +lp:qa-regression-testing revid:marc.deslauriers@canonical.com-20111024215114-qdwofz6ijkmslx5r diff -Nru qa-regression-testing-0.1450~natty1/debian/changelog qa-regression-testing-0.1455~natty1/debian/changelog --- qa-regression-testing-0.1450~natty1/debian/changelog 2011-10-24 03:20:13.000000000 +0000 +++ qa-regression-testing-0.1455~natty1/debian/changelog 2011-10-25 08:09:20.000000000 +0000 @@ -1,8 +1,8 @@ -qa-regression-testing (0.1450~natty1) UNRELEASED; urgency=low +qa-regression-testing (0.1455~natty1) UNRELEASED; urgency=low * Auto build. - -- Jamie Strandboge Mon, 24 Oct 2011 03:20:13 +0000 + -- Jamie Strandboge Tue, 25 Oct 2011 08:09:20 +0000 qa-regression-testing (0.1335) UNRELEASED; urgency=low diff -Nru qa-regression-testing-0.1450~natty1/install/audit_checks qa-regression-testing-0.1455~natty1/install/audit_checks --- qa-regression-testing-0.1450~natty1/install/audit_checks 2011-10-24 03:20:12.000000000 +0000 +++ qa-regression-testing-0.1455~natty1/install/audit_checks 2011-10-25 08:09:03.000000000 +0000 
@@ -211,8 +211,6 @@ unconfined.sort() print "\n".join(unconfined) - return - header("AppArmor profiles report") profiles = glob.glob("/etc/apparmor.d/*") profiles.sort() diff -Nru qa-regression-testing-0.1450~natty1/scripts/testlib.py qa-regression-testing-0.1455~natty1/scripts/testlib.py --- qa-regression-testing-0.1450~natty1/scripts/testlib.py 2011-10-24 03:20:11.000000000 +0000 +++ qa-regression-testing-0.1455~natty1/scripts/testlib.py 2011-10-25 08:09:03.000000000 +0000 @@ -297,6 +297,28 @@ assert (rc == 0) return report.strip() +def get_memory(): + '''Gets total ram and swap''' + meminfo = "/proc/meminfo" + memtotal = 0 + swaptotal = 0 + if not os.path.exists(meminfo): + return (False, False) + + try: + fd = open(meminfo, 'r') + for line in fd.readlines(): + splitline = line.split() + if splitline[0] == 'MemTotal:': + memtotal = int(splitline[1]) + elif splitline[0] == 'SwapTotal:': + swaptotal = int(splitline[1]) + fd.close() + except: + return (False, False) + + return (memtotal,swaptotal) + def ubuntu_release(): '''Get the Ubuntu release''' f = "/etc/lsb-release" diff -Nru qa-regression-testing-0.1450~natty1/scripts/test-pam.py qa-regression-testing-0.1455~natty1/scripts/test-pam.py --- qa-regression-testing-0.1450~natty1/scripts/test-pam.py 2011-10-24 03:20:03.000000000 +0000 +++ qa-regression-testing-0.1455~natty1/scripts/test-pam.py 2011-10-25 08:09:03.000000000 +0000 @@ -92,9 +92,9 @@ child = pexpect.spawn('login') while 1: # 'Login incorrect' needs to come before the login prompt because we'll match both - rc = child.expect([pexpect.TIMEOUT, '.*Login incorrect', '.* (?i)login: ', '(?i)password: ', '.*\$ '], timeout=10) + rc = child.expect([pexpect.TIMEOUT, '.*Login incorrect', '.* (?i)login: ', '(?i)password: ', '.*\$ ', pexpect.EOF], timeout=10) if rc == 0: # Timeout - report = child.before + child.after + report = str(child.before) + str(child.after) break if rc == 1: # Login incorrect report = child.before + child.after 
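Review bot: The bare `except:` in the new get_memory() hides every failure, including an IndexError from `splitline[0]` on a blank line, and the `fd.close()` inside the `try` is skipped whenever parsing raises, so the handle is left open. I would open the file with `with open(meminfo, 'r') as fd:` and narrow the handler to `except (IOError, ValueError, IndexError):`. The docstring could also say that the values are in kB as read from /proc/meminfo and that `(False, False)` is returned on failure, since callers compare the result numerically.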
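Review bot: Appending `pexpect.EOF` to the expect list in the @@ -92 hunk makes the return code a sixth positional index that callers must match by number (the new tests in this file use `expected = 4` and `expected = 5`), which is easy to break the next time a pattern is inserted. Naming the outcomes once, e.g. `RC_TIMEOUT, RC_INCORRECT, RC_LOGIN, RC_PASSWORD, RC_SHELL, RC_EOF = range(6)`, and using those names in the login helper and the tests would keep them in sync. The `str()` wrappers on the timeout branch deserve a comment such as `# child.after is the pexpect.TIMEOUT class here, not a string`. The loop body continues past the end of this hunk.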
@@ -111,6 +111,9 @@ child.sendline('exit') report = child.before + child.after break + if rc == 5: # EOF + report = child.before + break child.close(force=True) return rc, report 
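Review bot: The new `rc == 5` branch records only `child.before`, and the `child.close(force=True)` that follows discards how the login process ended, so a caller cannot tell a clean exit from a process killed by a signal. For regression tests of memory-safety fixes that difference matters. On the EOF path I would add the status to the report after the close, for example `report += "\nexit=%s signal=%s" % (child.exitstatus, child.signalstatus)`, or return it alongside `rc`. The enclosing method starts above this hunk.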
@@ -187,12 +190,48 @@ self._word_find(report, "qrtroot", invert=True) + def test_cve_2011_3148(self): + '''Test CVE-2011-3148 - pam_env''' + + bad_line = " " * 256 + "\\" + big_bad_line = bad_line * 4 + "A" * 256 + big_bad_file = big_bad_line + "\nQRT=qrttest" + + open(os.path.join(self.user.home, '.pam_environment'),'w').write(big_bad_file) + + expected = 4 + rc, report = self._login(self.user.password, extra_command="echo $QRT") + self.assertEquals(rc, expected, "login returned %d (!=%d)" %(rc,expected)) + + self._word_find(report, "qrttest") + + def test_cve_2011_3149(self): + '''Test CVE-2011-3149 - pam_env''' + + evil_filler = '''EVIL_FILLER_255 DEFAULT=''' + "B" * 255 + ''' +EVIL_FILLER_256 DEFAULT=${EVIL_FILLER_255}B +EVIL_FILLER_1024 DEFAULT=${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_256} +EVIL_FILLER_8191 DEFAULT=${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_1024}${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_256}${EVIL_FILLER_255} +EVIL_OVERFLOW_DOS DEFAULT=${EVIL_FILLER_8191}AAAA +''' + big_bad_file = evil_filler + "\nQRT=qrttest" + + open(os.path.join(self.user.home, '.pam_environment'),'w').write(big_bad_file) + + expected = 5 + rc, report = self._login(self.user.password, extra_command="echo $QRT") + self.assertEquals(rc, expected, "login returned %d (!=%d)" %(rc,expected)) + def test_pam_xauth(self): '''Test pam_xauth module''' contents = "session optional pam_xauth.so" testlib.config_replace(self.pam_su, contents, True) + # Make sure the test user doesn't inherit ours when we su - + if 'XAUTHORITY' in os.environ: + del os.environ['XAUTHORITY'] + # Create a bogus xauth file for the first user rc, report = testlib.cmd(['su', '-', self.user.login, '-c', 'xauth add localhost:0 . 123456']) expected = 0 
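Review bot: test_cve_2011_3149 asserts only that the login helper returns 5 (EOF) and never inspects `report`, so it passes for any reason the session ends, which presumably includes login dying rather than pam_env rejecting the oversized expansion. The output of `extra_command="echo $QRT"` is never checked there either. The docstring should say why EOF is the expected outcome on a fixed system, e.g. `'''Test CVE-2011-3149 - pam_env: over-long expansion must end the login (EOF) without a crash'''`, and the test should assert on how the session terminated if the helper can expose that. Both new tests also write `.pam_environment` with `open(...).write(...)`, which leaves the flush to garbage collection; `with open(path, 'w') as f: f.write(big_bad_file)` guarantees the file is complete before the login starts.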
@@ -210,6 +249,30 @@ rc, report = self._double_su(self.user.login, self.userB.login, self.userB.password, 'ls -al .xauth*') self._word_find(report, "-rw------- 1 %s %s" % (self.userB.login, self.userB.login)) + def test_cve_2011_3628(self): + '''Test CVE-2011-3628 - pam_motd''' + + contents = "session optional pam_motd.so" + testlib.config_replace(self.pam_su, contents, True) + + user_bindir = os.path.join(self.user.home, 'bin') + user_hackfile = os.path.join(self.user.home, 'hackfile') + user_evil_env = os.path.join(user_bindir, 'env') + user_evil_run_parts = os.path.join(user_bindir, 'run-parts') + os.mkdir(user_bindir) + + # run-parts in original version, env in incomplete fix + open(user_evil_env, 'w').write("touch %s" % user_hackfile) + os.chmod(user_evil_env, 0755) + open(user_evil_run_parts, 'w').write("touch %s" % user_hackfile) + os.chmod(user_evil_run_parts, 0755) + + expected = 2 + rc, report = self._double_su(self.user.login, self.userB.login, self.userB.password, command="ls -l %s" % user_hackfile) + self.assertEquals(rc, expected, "login returned %d (!=%d)" %(rc,expected)) + + self._word_find(report, "No such file") + def test_pam_mail(self): '''Test pam_mail module''' diff -Nru qa-regression-testing-0.1450~natty1/scripts/test-puppet.py qa-regression-testing-0.1455~natty1/scripts/test-puppet.py --- qa-regression-testing-0.1450~natty1/scripts/test-puppet.py 2011-10-24 03:20:11.000000000 +0000 +++ qa-regression-testing-0.1455~natty1/scripts/test-puppet.py 2011-10-25 08:09:03.000000000 +0000 
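Review bot: The stub `env` and `run-parts` files in test_cve_2011_3628 contain only `touch <path>` with no interpreter line, so whether they can run at all depends on how they are invoked. If they cannot be executed, the `No such file` assertion would presumably pass on an unfixed pam_motd as well, and the test would not detect a regression. Writing `"#!/bin/sh\ntouch %s\n" % user_hackfile` removes that ambiguity. `os.mkdir(user_bindir)` also raises if the directory is left over from an earlier run, and nothing visible in the hunk removes `bin/` or the marker file afterwards. A guard such as `if not os.path.isdir(user_bindir): os.mkdir(user_bindir)` would help, unless the fixture recreates the home directory.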
@@ -265,6 +265,12 @@ def test_puppet_spec_tests(self): '''Testsuite rake spec (takes a while)''' + + if self.lsb_release['Release'] >= 11.10: + (totalmem,totalswap) = testlib.get_memory() + if totalmem < 1000000: + print "\nWARNING: Need 1GB of RAM or higher on Oneiric+ or tests may fail!" + ex_failures = [] if self.lsb_release['Release'] < 10.10: # Lucid ex_failures.append("Puppet::ParseError in 'Puppet::Parser::Compiler should be able to determine the configuration version from a local version control repository'") @@ -286,9 +292,7 @@ non_deterministic_tests = None if self.lsb_release['Release'] < 10.10: # Lucid - arch = testlib.get_arch() - if arch == "x86_64": # What is this about?? - non_deterministic_tests = ["'Puppet::Type::Mount::ProviderParsed Puppet::Type::Mount::ProviderParsed when modifying the filesystem tab should write the mount to disk when :flush is called' FAILED"] + non_deterministic_tests = ["'Puppet::Type::Mount::ProviderParsed Puppet::Type::Mount::ProviderParsed when modifying the filesystem tab should write the mount to disk when :flush is called' FAILED"] if self.lsb_release['Release'] >= 11.10: non_deterministic_tests = ["Puppet::Application::Inspect when executing when archiving to a bucket when auditing files should not send unreadable files"] self._run_rake_tests('spec', ex_failures, None, non_deterministic_tests) @@ -296,6 +300,11 @@ def test_puppet_unit_tests(self): '''Testsuite rake unit (takes a while)''' + if self.lsb_release['Release'] >= 11.10: + (totalmem,totalswap) = testlib.get_memory() + if totalmem < 1000000: + print "\nWARNING: Need 1GB of RAM or higher on Oneiric+ or tests may fail!" + ex_failures = [] if self.lsb_release['Release'] < 10.10: # Lucid ex_failures.append("test_uppercase_files_are_renamed_and_read(TestCertSupport)")
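Review bot: `testlib.get_memory()` returns `(False, False)` when /proc/meminfo cannot be read, and `totalmem < 1000000` then evaluates true, so the low-memory warning is printed even though the amount of RAM is simply unknown. The same block is repeated in the @@ -296 hunk for test_puppet_unit_tests. I would check the failure case first, `if totalmem is not False and totalmem < 1000000:`, and move the check into one helper method called from both tests. A comment that the threshold is in kB would explain the `1000000`. Both test methods continue outside their hunks.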