* SECURITY UPDATE: possible code execution via incorrect environment file
parsing (LP: #874469)
- debian/patches-applied/CVE-2011-3148.patch: correctly count leading
whitespace when parsing environment file in modules/pam_env/pam_env.c.
- CVE-2011-3148
* SECURITY UPDATE: denial of service via overflowed environment variable
expansion (LP: #874565)
- debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
with PAM_BUF_ERR in modules/pam_env/pam_env.c.
- CVE-2011-3149
* SECURITY UPDATE: code execution via incorrect environment cleaning
- debian/patches-applied/update-motd: updated to use clean environment
and absolute paths in modules/pam_motd/pam_motd.c.
- CVE-2011-XXXX
* SECURITY REGRESSION:
- debian/patches/security-dropprivs.patch: updated patch to preserve
ABI and prevent daemons from needing to be restarted. (LP: #790538)
- debian/patches/autoconf.patch: refreshed
* SECURITY UPDATE: multiple issues with lack of adequate privilege
dropping
- debian/patches/security-dropprivs.patch: introduce new privilege
dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
libpam/include/security/pam_modutil.h, libpam/libpam.map,
modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
modules/pam_xauth/pam_xauth.c.
- CVE-2010-3316
- CVE-2010-3430
- CVE-2010-3431
- CVE-2010-3435
- CVE-2010-4706
- CVE-2010-4707
* SECURITY UPDATE: privilege escalation via incorrect environment
- debian/patches/CVE-2010-3853.patch: use clean environment in
modules/pam_namespace/pam_namespace.c.
- CVE-2010-3853
* debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
isn't needed for Ubuntu, and it needs to be rewritten to work with the
massive privilege refactoring in the security patches.