15c4df6...
by
Tyler Hicks
on 2016-03-17
Import Debian changes 1.1.3-7ubuntu2.3
pam (1.1.3-7ubuntu2.3) precise-security; urgency=medium
* SECURITY REGRESSION: multiarch update issue (LP: #1558597 )
- debian/ patches- applied/ cve-2015- 3238.patch: Readd the manpage XML
changes and also add the regenerated man pages to the patch. It is
required to add the regenerated man pages to the patch because the build
dependencies to regenerate the man pages are only installed during i386
builds.
- debian/ patches- applied/ pam_umask_ usergroups_ from_login. defs.patch: Add
the changes after regenerating pam_umask.8 to the patch for the reasons
mentioned above.
1e581a4...
by
Marc Deslauriers
on 2016-03-16
Import Debian changes 1.1.3-7ubuntu2.2
pam (1.1.3-7ubuntu2.2) precise-security; urgency=medium
* SECURITY REGRESSION: multiarch update issue (LP: #1558114 )
- debian/ patches- applied/ cve-2015- 3238.patch: removed manpage changes
so they don't get regenerated during build.
- CVE-2015-3238
b670002...
by
Marc Deslauriers
on 2016-03-15
Import Debian changes 1.1.3-7ubuntu2.1
pam (1.1.3-7ubuntu2.1) precise-security; urgency=medium
* SECURITY UPDATE: pam_userdb case-insensitive search issue
- debian/ patches- applied/ cve-2013- 7041.patch: fix password hash
comparison in modules/ pam_userdb/ pam_userdb. c.
- CVE-2013-7041
* SECURITY UPDATE: directory traversal issue in pam_timestamp
- debian/ patches- applied/ cve-2014- 2583.patch: fix potential directory
traversal issue in modules/ pam_timestamp/ pam_timestamp. c.
- CVE-2014-2583
* SECURITY UPDATE: username enumeration via large passwords
- debian/ patches- applied/ cve-2015- 3238.patch: limit password size to
prevent a helper function hang in modules/ pam_exec/ pam_exec. 8.xml,
modules/ pam_exec/ pam_exec. c, modules/ pam_unix/ pam_unix. 8.xml,
modules/ pam_unix/ pam_unix_ passwd. c, modules/ pam_unix/ passverify. c,
modules/ pam_unix/ passverify. h, modules/ pam_unix/ support. c.
- CVE-2015-3238
54ce84f...
by
Steve Langasek
on 2012-02-09
releasing version 1.1.3-7ubuntu2
b86af08...
by
Steve Langasek
on 2012-02-09
No-change rebuild with gzip 1.4-1ubuntu2 to get multiarch-clean
compression of manpages. LP: #871083 .
6471bdc...
by
Steve Langasek
on 2012-01-28
releasing version 1.1.3-7ubuntu1
333f4c0...
by
Steve Langasek
on 2012-01-28
Merge version 1.1.3-7 from Debian
ec939fb...
by
Steve Langasek
on 2011-11-08
releasing version 1.1.3-6ubuntu1
7793c30...
by
Steve Langasek
on 2011-11-08
Merge version 1.1.3-6 from Debian unstable
6a264ff...
by
Steve Langasek
on 2011-11-07
Build-depend on libfl-dev in addition to flex, for cross-building
support.