~ubuntu-core-dev/ubuntu/+source/pam/+git/pam:maverick

Last commit made on 2019-02-13
Get this branch:
git clone -b maverick https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/pam/+git/pam
Members of Ubuntu Core Development Team can upload to this branch. Log in for directions.

Branch merges

Branch information

Recent commits

2cbd355... by Marc Deslauriers on 2011-10-18

Import Debian changes 1.1.1-4ubuntu2.4

pam (1.1.1-4ubuntu2.4) maverick-security; urgency=low

  * SECURITY UPDATE: possible code execution via incorrect environment file
    parsing (LP: #874469)
    - debian/patches-applied/CVE-2011-3148.patch: correctly count leading
      whitespace when parsing environment file in modules/pam_env/pam_env.c.
    - CVE-2011-3148
  * SECURITY UPDATE: denial of service via overflowed environment variable
    expansion (LP: #874565)
    - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit
      with PAM_BUF_ERR in modules/pam_env/pam_env.c.
    - CVE-2011-3149
  * SECURITY UPDATE: code execution via incorrect environment cleaning
    - debian/patches-applied/update-motd: updated to use clean environment
      and absolute paths in modules/pam_motd/pam_motd.c.
    - CVE-2011-XXXX

fe3ecfe... by Marc Deslauriers on 2011-05-31

Import Debian changes 1.1.1-4ubuntu2.3

pam (1.1.1-4ubuntu2.3) maverick-security; urgency=low

  * SECURITY REGRESSION:
    - debian/patches/security-dropprivs.patch: updated patch to preserve
      ABI and prevent daemons from needing to be restarted. (LP: #790538)
    - debian/patches/autoconf.patch: refreshed

1754598... by Marc Deslauriers on 2011-05-19

Import Debian changes 1.1.1-4ubuntu2.2

pam (1.1.1-4ubuntu2.2) maverick-security; urgency=low

  * SECURITY UPDATE: multiple issues with lack of adequate privilege
    dropping
    - debian/patches/security-dropprivs.patch: introduce new privilege
      dropping code in libpam/pam_modutil_priv.c, libpam/Makefile.*,
      libpam/include/security/pam_modutil.h, libpam/libpam.map,
      modules/pam_env/pam_env.c, modules/pam_mail/pam_mail.c,
      modules/pam_xauth/pam_xauth.c.
    - CVE-2010-3316
    - CVE-2010-3430
    - CVE-2010-3431
    - CVE-2010-3435
    - CVE-2010-4706
    - CVE-2010-4707
  * SECURITY UPDATE: privilege escalation via incorrect environment
    - debian/patches/CVE-2010-3853.patch: use clean environment in
      modules/pam_namespace/pam_namespace.c.
    - CVE-2010-3853
  * debian/patches-applied/series: disable hurd_no_setfsuid patch, as it
    isn't needed for Ubuntu, and it needs to be rewritten to work with the
    massive privilege refactoring in the security patches.

619686a... by Dustin Kirkland  on 2011-05-03

Import Debian changes 1.1.1-4ubuntu2.1

pam (1.1.1-4ubuntu2.1) maverick-proposed; urgency=low

  * debian/patches-applied/update-motd: santize the environment before
    calling run-parts, LP: #610125

79767a6... by Kees Cook on 2010-10-25

Import Debian changes 1.1.1-4ubuntu2

pam (1.1.1-4ubuntu2) maverick-security; urgency=low

  * SECURITY UPDATE: root privilege escalation via symlink following.
    - debian/patches-applied/pam_motd-legal-notice: drop privs for work.
    - CVE-2010-0832

886b2ee... by Steve Langasek on 2010-08-17

releasing version 1.1.1-4ubuntu1

ac32100... by Steve Langasek on 2010-08-17

merge 1.1.1-4

f86e2b6... by Dustin Kirkland <kirkland@x200> on 2010-05-13

merge

2091784... by Steve Langasek on 2010-05-12

right upload target

340e6ec... by Dustin Kirkland <kirkland@x200> on 2010-05-13

releasing version 1.1.1-3ubuntu2