-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 17 Feb 2009 07:50:53 -0800 Source: libpam-krb5 Binary: libpam-krb5 Architecture: source i386 Version: 3.13-2 Distribution: unstable Urgency: high Maintainer: Russ Allbery <rra@debian.org> Changed-By: Russ Allbery <rra@debian.org> Description: libpam-krb5 - PAM module for MIT Kerberos Closes: 492039 492379 Changes: libpam-krb5 (3.13-2) unstable; urgency=low . * Upload to unstable. . libpam-krb5 (3.13-1) experimental; urgency=high . * New upstream release. - SECURITY (CVE-2009-0360): If invoked in a setuid context, ignore user environment variables that specify the local keytab and Kerberos configuration. Protects against a privilege escalation vulnerability. - SECURITY (CVE-2009-0361): Protect against applications calling pam_setcred with PAM_REINITIALIZE_CREDS as root in a setuid context. This API call is designed to reinitialize an existing Kerberos ticket cache and therefore trusts the KRB5CCNAME environment variable, but in a setuid context, this may allow overwriting arbitrary files. * Install the upstream NEWS file as an upstream changelog. * Add ${misc:Depends} to the package dependencies. * Improve wording for the GPL pointer. The package may be distributed under any version of the GPL. . libpam-krb5 (3.12-1) experimental; urgency=low . * New upstream release. - New alt_auth_map, force_alt_auth, and only_alt_auth options to map usernames to alternative Kerberos principals for authentication. - Log to authpriv, not auth. - Correctly log an exit status of ignore during debugging. - Document ssh session requirement. (Closes: #492039) - Document ignore handling with [] actions. (Closes: #492379) * Update to debhelper compatibility mode V7. - Use debhelper rule minimization except for configure. - Let the upstream Makefile do the installation. * Remove NEWS.Debian, only of interest in upgrades from sarge. Checksums-Sha1: 036bb6a80627a33abfe6a2454c4d0938901da62f 1214 libpam-krb5_3.13-2.dsc 7a388e71e1a78d8fa400393e4a73aaa936b99182 13399 libpam-krb5_3.13-2.diff.gz 0a4314f896e487395d9559a148d9844f2145f65f 65640 libpam-krb5_3.13-2_i386.deb Checksums-Sha256: 1fbabd88ec3122be6258e61fd439f3048d38b3707ff388b7ed257843e856acd0 1214 libpam-krb5_3.13-2.dsc 1fdefd3da0ae2b21dd65a2db46150403c5fa456e588e8dac8e3978603d44e319 13399 libpam-krb5_3.13-2.diff.gz 07bc914759334df38cf0287dd7591b318360ced19f69d85e116f8eb30a85c6f1 65640 libpam-krb5_3.13-2_i386.deb Files: 4ad33a91361b5e3bbbf035cc4b2b3f77 1214 net optional libpam-krb5_3.13-2.dsc ece147f60624687d34770d74af073e5f 13399 net optional libpam-krb5_3.13-2.diff.gz 5391de0bab2d4c8754c1e73d507d8f75 65640 net optional libpam-krb5_3.13-2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkma49MACgkQ+YXjQAr8dHalKACeIEzCQKqKgD11yCWfD92YoTzk xe0An0xza26bfY3OUAWJpF9yCiQbXmji =NThh -----END PGP SIGNATURE----- Accepted: libpam-krb5_3.13-2.diff.gz to pool/main/libp/libpam-krb5/libpam-krb5_3.13-2.diff.gz libpam-krb5_3.13-2.dsc to pool/main/libp/libpam-krb5/libpam-krb5_3.13-2.dsc libpam-krb5_3.13-2_i386.deb to pool/main/libp/libpam-krb5/libpam-krb5_3.13-2_i386.deb