-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 07 Nov 2017 18:22:33 +0100 Source: libpam4j Binary: libpam4j-java libpam4j-java-doc Architecture: source all Version: 1.4-2+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libpam4j-java - Java binding for libpam.so libpam4j-java-doc - Documentation for Java binding for libpam.so Closes: 879001 Changes: libpam4j (1.4-2+deb9u1) stretch-security; urgency=high . * Team upload. * Fix CVE-2017-12197 (Closes: #879001): It was discovered that libpam4j does not call pam_acct_mgmt(). As a consequence, the PAM account is not properly verified. Any user with a valid password but with deactivated or disabled account was able to log in. Checksums-Sha1: 38444a2fefe56f6cabc4dd567f4efe54e2fe4554 2288 libpam4j_1.4-2+deb9u1.dsc 1335e34fba33ab2531265ced9dbd58295476a81c 6880 libpam4j_1.4.orig.tar.gz 07264c172fb3c2a3d38dc1fe20de7971f5600925 4972 libpam4j_1.4-2+deb9u1.debian.tar.xz 0f865e8ae403483ef7c43b1f62cf4b7e776cdb8b 24244 libpam4j-java-doc_1.4-2+deb9u1_all.deb fa5629353cf55dcb7314e6db74305ccd20e5266d 14700 libpam4j-java_1.4-2+deb9u1_all.deb 593a7e896bf0502374707fbed462a0bb6fb27c7e 15358 libpam4j_1.4-2+deb9u1_amd64.buildinfo Checksums-Sha256: 07dcae78f87e001357eb2069e2d15e507bdb549d286c6fca9c7d5c72445d0028 2288 libpam4j_1.4-2+deb9u1.dsc 83e738e7e6d5055adaaffccd0caa10ba03a13ea59bd016f9bb4d1306c7c3f550 6880 libpam4j_1.4.orig.tar.gz 4b6e024b12ce4d74df81629232a3d141a3d04686c0c970b26169c25235f9a79e 4972 libpam4j_1.4-2+deb9u1.debian.tar.xz 4d5c2f6cbb0343f716c8c7c9624b51af67e5c3b913a4b1417e8e6eca9827b42d 24244 libpam4j-java-doc_1.4-2+deb9u1_all.deb 0ef43ba693ad70971831067cb2cee8bc468a62ce39082cd85ee1ad99a230a293 14700 libpam4j-java_1.4-2+deb9u1_all.deb b5f52537fe8ef42151ed910e7ba2ec2e319653b64c8ddb847d00606dff238b79 15358 libpam4j_1.4-2+deb9u1_amd64.buildinfo Files: 91e2e8ec5d74c90ad95de50993d04428 2288 java optional libpam4j_1.4-2+deb9u1.dsc 20d90b25f700a559f022d870682f5659 6880 java optional libpam4j_1.4.orig.tar.gz 600f666da593a215305beb5b7b39639d 4972 java optional libpam4j_1.4-2+deb9u1.debian.tar.xz 9d048975b9c086de3f4783f563f8ad70 24244 doc optional libpam4j-java-doc_1.4-2+deb9u1_all.deb d3262cc040d409901e683edaa870f90b 14700 java optional libpam4j-java_1.4-2+deb9u1_all.deb 1fb1f71ffbef837f868e93ed708c7aaf 15358 java optional libpam4j_1.4-2+deb9u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloB7ZdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk2UoQAJp9fN63hWiZb853UHStVM+sOgPL6f1fzV3V +kJkIX+gN4kgvfx31FiUb6M0YSN+9qHfKOYuoAZ337blPoG+u/UpM6gVt+Px5Uuz J91S37HNY93trSrd/wzaEF4hy9bzOJYlaM0yd0oGpAhN+lSuJYDqaxIW7kkckcRF D9C8gdrVtJvfwi1/IuurMMLA4iIDb87bkPFZiDFoK+HSGyuMzuX0yHK4dIr8H+5N 5rncF32Cyr+G/SFQcYoAlRsCKTWamOrzp647BI6iA1VLuN8XW3rWoiOkTsZH09at X23+Nuybn7q0Ro+fM7cEN7MvqbXGTLY6aKw1rKOOivvZwFCSCFXTStMeBPPNZm3I 0OuDfYEj3ERWNp7PwPIXgSMffxVl0riUsKlpbcPqRhPnnfCQuD2dLrQ1f4+CgTk2 tqRuKCgxs0LWvfB+mtnfjh5PAdYtAwIJwusKBc8bHTTUyZyWNH39S3dYWICcAXDf HfmLvV9ZnvwVDNL29sQrkX63OiGRCxDb9pnO9OCw2f929zOwsHJQdJeV3S4Ql1F+ lWbx65cLt2OL/51XW1uD4xYu5Nun0tFLrxSwzXXBZQsD1gL3Q9usUWYnNm5jB+xI ItR5lYEKMMSFlgw3sEi5hqvsIxU0I5booKdOKZX0hXlLY0YVqs/jbhAM/bTQIfOd 5nQe4fSO =6xcV -----END PGP SIGNATURE-----
