-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 21 Oct 2007 12:22:42 -0700 Source: pam Binary: libpam0g-dev libpam0g libpam-modules libpam-doc libpam-runtime libpam-cracklib Architecture: source i386 all amd64 Version: 0.79-5 Distribution: proposed-updates Urgency: low Maintainer: Sam Hartman <hartmans@debian.org> Changed-By: Steve Langasek <vorlon@debian.org> Description: libpam-doc - Documentation of PAM libpam-runtime - Runtime support for the PAM library libpam-cracklib - PAM module to enable cracklib support libpam-modules - Pluggable Authentication Modules for PAM libpam0g - Pluggable Authentication Modules library libpam0g-dev - Development files for PAM Closes: 336344 Changes: pam (0.79-5) proposed-updates; urgency=low . * CVE-2005-2977: only uid=0 is allowed to invoke unix_chkpwd with an arbitrary username, and then only when SELinux is active. In all other cases root should have privileges to access /etc/shadow directly, and non-root users are not allowed access under the default security policy. This fixes a low-impact brute-force vector when SELinux is enabled and running in non-enforcing mode. Closes: #336344. Files: fb8dd31408dc01b4de4797f325390716 970 libs optional pam_0.79-5.dsc 1fe08210ba63698b513fcd71d3add1e6 134738 libs optional pam_0.79-5.diff.gz 5a7d3fcb4270887f917933389cffaaf7 64390 admin required libpam-runtime_0.79-5_all.deb f4c37b306e83babaa9d603714de62a35 731484 doc optional libpam-doc_0.79-5_all.deb e87e0ef694cd80679e916a8c924839a2 79792 libs required libpam0g_0.79-5_i386.deb d5ce492bb5fb3c4f4ee2971c29fb4609 187654 libs required libpam-modules_0.79-5_i386.deb 3d3e54ee11622ba26d5aa1c766a6f1c0 118054 libdevel optional libpam0g-dev_0.79-5_i386.deb aa6ed2ce912040786cb41c2800ffc21f 59690 libs optional libpam-cracklib_0.79-5_i386.deb 31fda3f61a23e0c413eca34eeac94e71 82152 libs required libpam0g_0.79-5_amd64.deb b452ab01144449d85add0e726f5a0cc4 199470 libs required libpam-modules_0.79-5_amd64.deb 13125032cccc9323cf0f6084090e6b1e 119440 libdevel optional libpam0g-dev_0.79-5_amd64.deb 611e606a93eeed64c396eb63b8748269 59812 libs optional libpam-cracklib_0.79-5_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHG6swKN6ufymYLloRArX/AKCB5MWUBFW1v0pPWPF+wlTqQGqW5ACeP1aJ +J2aEnMvkXrw5DyWQfPYoZw= =5T5o -----END PGP SIGNATURE----- Accepted: libpam-cracklib_0.79-5_amd64.deb to pool/main/p/pam/libpam-cracklib_0.79-5_amd64.deb libpam-cracklib_0.79-5_i386.deb to pool/main/p/pam/libpam-cracklib_0.79-5_i386.deb libpam-doc_0.79-5_all.deb to pool/main/p/pam/libpam-doc_0.79-5_all.deb libpam-modules_0.79-5_amd64.deb to pool/main/p/pam/libpam-modules_0.79-5_amd64.deb libpam-modules_0.79-5_i386.deb to pool/main/p/pam/libpam-modules_0.79-5_i386.deb libpam-runtime_0.79-5_all.deb to pool/main/p/pam/libpam-runtime_0.79-5_all.deb libpam0g-dev_0.79-5_amd64.deb to pool/main/p/pam/libpam0g-dev_0.79-5_amd64.deb libpam0g-dev_0.79-5_i386.deb to pool/main/p/pam/libpam0g-dev_0.79-5_i386.deb libpam0g_0.79-5_amd64.deb to pool/main/p/pam/libpam0g_0.79-5_amd64.deb libpam0g_0.79-5_i386.deb to pool/main/p/pam/libpam0g_0.79-5_i386.deb pam_0.79-5.diff.gz to pool/main/p/pam/pam_0.79-5.diff.gz pam_0.79-5.dsc to pool/main/p/pam/pam_0.79-5.dsc
