~ubuntu-core-dev/ubuntu/+source/pam/+git/pam:lucid

Last commit made on 2019-02-13
Get this branch:
git clone -b lucid https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/pam/+git/pam
Members of Ubuntu Core Development Team can upload to this branch. Log in for directions.

Branch merges

Branch information

Recent commits

c59dab2... by Steve Langasek on 2013-03-26

Import Debian changes 1.1.1-2ubuntu5.6

pam (1.1.1-2ubuntu5.6) lucid-proposed; urgency=low

  * Include the pam_tally2 helper in /sbin so that the pam_tally2 module can
    be used. LP: #586462.

22796c1... by Steve Langasek on 2012-03-14

Import Debian changes 1.1.1-2ubuntu5.5

pam (1.1.1-2ubuntu5.5) lucid-proposed; urgency=low

  * Include the pam_tally2 helper in /sbin so that the pam_tally2 module can
    be used. LP: #586462.

0e6d6e1... by Marc Deslauriers on 2011-10-18

Import Debian changes 1.1.1-2ubuntu5.4

pam (1.1.1-2ubuntu5.4) lucid-security; urgency=low

  * SECURITY UPDATE: possible code execution via incorrect environment file
    parsing (LP: #874469)
    - debian/patches-applied/CVE-2011-3148.patch: correctly count leading
      whitespace when parsing environment file in modules/pam_env/pam_env.c.
    - CVE-2011-3148
  * SECURITY UPDATE: denial of service via overflowed environment variable
    expansion (LP: #874565)
    - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
      with PAM_BUF_ERR in modules/pam_env/pam_env.c.
    - CVE-2011-3149
  * SECURITY UPDATE: code execution via incorrect environment cleaning
    - debian/patches-applied/update-motd: updated to use clean environment
      and absolute paths in modules/pam_motd/pam_motd.c.
    - CVE-2011-XXXX

62e97af... by Marc Deslauriers on 2011-05-31

Import Debian changes 1.1.1-2ubuntu5.3

pam (1.1.1-2ubuntu5.3) lucid-security; urgency=low

  * SECURITY REGRESSION:
    - debian/patches/security-dropprivs.patch: updated patch to preserve
      ABI and prevent daemons from needing to be restarted. (LP: #790538)
    - debian/patches/autoconf.patch: refreshed

d01f451... by Marc Deslauriers on 2011-05-19

Import Debian changes 1.1.1-2ubuntu5.2

pam (1.1.1-2ubuntu5.2) lucid-security; urgency=low

  * SECURITY UPDATE: multiple issues with lack of adequate privilege
    dropping
    - debian/patches/security-dropprivs.patch: introduce new privilege
      dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
      libpam/include/security/pam_modutil.h, libpam/libpam.map,
      modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
      modules/pam_xauth/pam_xauth.c.
    - CVE-2010-3316
    - CVE-2010-3430
    - CVE-2010-3431
    - CVE-2010-3435
    - CVE-2010-4706
    - CVE-2010-4707
  * SECURITY UPDATE: privilege escalation via incorrect environment
    - debian/patches/CVE-2010-3853.patch: use clean environment in
      modules/pam_namespace/pam_namespace.c.
    - CVE-2010-3853
  * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
    isn't needed for Ubuntu, and it needs to be rewritten to work with the
    massive privilege refactoring in the security patches.

6c80d2b... by Dustin Kirkland  on 2011-05-03

Import Debian changes 1.1.1-2ubuntu5.1

pam (1.1.1-2ubuntu5.1) lucid-proposed; urgency=low

  * debian/patches-applied/update-motd: santize the environment before
    calling run-parts, LP: #610125

7519684... by Kees Cook on 2010-07-07

Import Debian changes 1.1.1-2ubuntu5

pam (1.1.1-2ubuntu5) lucid-security; urgency=low

  * SECURITY UPDATE: root privilege escalation via symlink following.
    - debian/patches-applied/pam_motd-legal-notice: drop privs for work.
    - CVE-2010-0832

582e802... by Steve Langasek on 2010-05-13

Import Debian changes 1.1.1-2ubuntu3

pam (1.1.1-2ubuntu3) lucid-proposed; urgency=low

  * pam-auth-update: fix a bug in our handling of module options when the
    module name contains digits, caused by a buggy regexp. LP: #579826.

cbcf302... by Dustin Kirkland  on 2010-04-13

Import Debian changes 1.1.1-2ubuntu2

pam (1.1.1-2ubuntu2) lucid; urgency=low

  * debian/update-motd.5, debian/libpam-modules.manpages: add a manpage
    for update-motd, with some best practices and notes of explanation,
    LP: #562566
  * debian/patches/update-motd-manpage-ref: add a reference in pam_mod(8)
    to update-motd(5), LP: #552175

0a1a350... by Steve Langasek on 2010-02-18

releasing version 1.1.1-2ubuntu1