pam - Debian Package Tracker

general

source: pam (main)
version: 1.7.0-3
maintainer: Sam Hartman (DMD)
arch: all any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.3.1-5
oldstable: 1.4.0-9+deb11u1
stable: 1.5.2-6+deb12u1
testing: 1.7.0-3
unstable: 1.7.0-3

versioned links

1.3.1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.0-9+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5.2-6+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.7.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libpam-doc (4 bugs: 0, 0, 4, 0)
libpam-modules (49 bugs: 0, 29, 20, 0)
libpam-modules-bin (1 bugs: 0, 0, 1, 0)
libpam-runtime (25 bugs: 0, 15, 10, 0)
libpam0g (6 bugs: 0, 2, 4, 0)
libpam0g-dev

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2024-10963: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

Created: 2024-10-24 Last update: 2025-04-20 20:02

14 bugs tagged patch in the BTS normal

The BTS contains patches fixing 14 bugs (15 if counting merged bugs), consider including or untagging them.

Created: 2025-01-06 Last update: 2025-05-24 07:30

Depends on packages which need a new maintainer normal

The packages that pam depends on which need a new maintainer are:

db-defaults (#1055344)
- Build-Depends: libdb-dev
docbook-xsl (#802370)
- Build-Depends-Indep: docbook-xsl-ns
docbook5-xml (#802377)
- Build-Depends-Indep: docbook5-xml

Created: 2023-09-01 Last update: 2025-05-24 04:32

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-02-04 Last update: 2025-05-24 02:01

19 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit cb448e6474f53e4e40bfb594597156dc6256605c
Author: Gioele Barabucci <gioele@svario.it>
Date:   Thu Feb 13 20:05:18 2025 +0100

    d/libpam-runtime.postinst: Drop redundant version check
    
    The check against version 1.0.1-11 has been redundant since Debian 5
    "lenny".

commit 5ea47ce9ee44b5cac894c66fb223f02735299d55
Author: Gioele Barabucci <gioele@svario.it>
Date:   Thu Feb 13 19:22:52 2025 +0100

    d/libpam-modules.postinst: Drop redundant version check
    
    The check against version 0.99.9.0-1 has been redundant since Debian 5
    "lenny".

commit a2d9adc8e86c8457b482ecb44b11058e5003f447
Author: Gioele Barabucci <gioele@svario.it>
Date:   Thu Feb 13 19:06:36 2025 +0100

    d/TODO: Remove outdated item about fop
    
    Closes: #629438

commit a7986fea5c987d0f821984fd9d7c89ed013c42d4
Author: Gioele Barabucci <gioele@svario.it>
Date:   Thu Feb 13 16:29:07 2025 +0100

    d/control: Update standards version to 4.7.0, no changes needed

commit 0da056d8d80e238a65d4f62769b34cb1fd768d77
Author: Gioele Barabucci <gioele@svario.it>
Date:   Thu Feb 13 16:00:18 2025 +0100

    d/control: Remove outdated constraints
    
    Both debconf 1.5.19 and libpam-modules 1.0.1-6 are older than
    Debian 6 "squeeze".
    
    Explicitly requiring debconf is not needed because `${misc:Depends}`
    already deals with it.

commit f54ffb63b95cb46b809284124295787f39bd7ed8
Author: Gioele Barabucci <gioele@svario.it>
Date:   Thu Feb 13 14:52:23 2025 +0100

    Add support for <!nodoc>

commit aab675ec3b3d04aa33413d7ae24c69ec739d443a
Merge: 6f7964a3 fd7ff719
Author: Sam Hartman <hartmans@debian.org>
Date:   Thu Feb 13 18:32:52 2025 -0700

    Merge in lintian fixes.

commit fd7ff7193ea87ba8e789fce0c48751fa88d4f40f
Author: Gioele Barabucci <gioele@svario.it>
Date:   Thu Feb 13 14:42:32 2025 +0100

    d/u/metadata: Add Repository URL

commit 79e2ed9455aa9d2b05fd4f43516d2cccbfff19ed
Author: Gioele Barabucci <gioele@svario.it>
Date:   Mon Sep 9 17:19:08 2024 +0200

    d/libpam-modules.lintian-overrides: Remove unused hardening overrides
    
    Fixes: lintian: libpam-modules: mismatched-override hardening-no-fortify-functions

commit 9005eb03afd07d5b0fa0dfbb2e82a1a5ecfeae26
Author: Gioele Barabucci <gioele@svario.it>
Date:   Thu Feb 13 12:44:32 2025 +0100

    d/lintian-overrides: Document that sysadmin manpages are libpam-runtime

commit 732ab13ecae9d8bde3148f373501ad117c6e9766
Author: Gioele Barabucci <gioele@svario.it>
Date:   Mon Sep 9 21:23:07 2024 +0200

    d/libpam0g.symbols: Add Build-Depends-Package
    
    Fixes: lintian: symbols-file-missing-build-depends-package-field

commit d0a03a5cc7f2c5a0a92a5ee8cb3ccd95f452c500
Author: Gioele Barabucci <gioele@svario.it>
Date:   Mon Sep 9 18:05:25 2024 +0200

    d/libpam-modules.lintian-overrides: Use new name shared-library-lacks-prerequisites

commit 67c98996bcfad7882db981788eaeeae834826949
Author: Gioele Barabucci <gioele@svario.it>
Date:   Mon Sep 9 17:56:38 2024 +0200

    d/libpam-{modules,runtime}.post{inst,rm}: Use `set -e` instead of `/bin/sh -e`
    
    Policy recommends to use `set -e` to ensure that scripts always have `-e`
    enabled, even when they are run as `sh foo.postinst`.
    
    Fixes: lintian: *: maintainer-script-without-set-e

commit bdeb29100e6c253416ee8b2a6e3a4f0c5eb14ea0
Author: Gioele Barabucci <gioele@svario.it>
Date:   Mon Sep 9 17:36:38 2024 +0200

    d/libpam0g.lintian-overrides: Remove outdated override for false positive package-name-doesnt-match-sonames

commit eae1ea71e649cce546557d9517cca87a792aee8c
Author: Gioele Barabucci <gioele@svario.it>
Date:   Mon Sep 9 17:31:19 2024 +0200

    d/s/lintian-overrides: Remove outdated dh-quilt-addon-but-quilt-source-format
    
    dh_quilt is no longer used since commit b99a4f53dcf4725e4b3b861fd8a28c0156a8a147

commit df7bb744b86913bf54f0e8c3e837e30bc3e0d96c
Author: Gioele Barabucci <gioele@svario.it>
Date:   Mon Sep 9 17:20:09 2024 +0200

    d/watch: Avoid leading spaces in non-continuation lines
    
    While the specs allow for leading spaces to be present in any line, some
    tools are confused then leading spacere are in non-continuation lines.
    
    Fixes: lintian: pam source: missing-debian-watch-file-standard [debian/watch]

commit 07d5c246315ac679b95a8bc59b1da6ea34bed289
Author: Gioele Barabucci <gioele@svario.it>
Date:   Mon Sep 9 17:17:15 2024 +0200

    d/libpam-runtime.lintian-overrides: Document why prerm is empty
    
    Fixes: lintian: libpam-runtime: maintainer-script-empty [prerm]

commit 6d4514fa9c31a0776c2e5a6a277b77f1aa780b68
Author: Gioele Barabucci <gioele@svario.it>
Date:   Wed Jun 12 20:44:08 2024 +0200

    d/libpam-modules.templates: Remove unused debconf variables
    
    `libpam-modules/disable-screensaver` and `libpam-modules/deprecate-tally`
    are no longer used in the maintainer scripts.

commit a816df4f91ca5726ed9c2f8590bfb95087b8d42a
Author: Gioele Barabucci <gioele@svario.it>
Date:   Wed Jun 12 20:38:17 2024 +0200

    d/libpam-modules.preinst: Remove outdated screensaver-related code
    
    Version 1.4.0-5 is older than what is currently in old-stable
    (Debian 11 bullseye, 1.4.0-9+deb11u1), so this code is never going
    to run in future installations of `libpam-modules`.
    
    Closes: #1073129

Created: 2025-02-14 Last update: 2025-05-21 23:03

lintian reports 14 warnings normal

Lintian reports 14 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-02-11 Last update: 2025-04-11 03:31

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-10041: (needs triaging) A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
CVE-2024-22365: (needs triaging) linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-01-18 Last update: 2025-04-20 20:02

debian/patches: 18 patches to forward upstream low

Among the 18 debian patches available in version 1.7.0-3 of the package, we noticed the following issues:

18 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2024-02-28 Last update: 2025-02-11 21:32

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2024-10-29 Last update: 2024-10-29 14:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2).

Created: 2024-04-07 Last update: 2025-02-27 13:24

news

[rss feed]

[2025-02-15] pam 1.7.0-3 MIGRATED to testing (Debian testing watch)
[2025-02-11] Accepted pam 1.7.0-3 (source) into unstable (Sam Hartman)
[2025-02-04] pam 1.7.0-2 MIGRATED to testing (Debian testing watch)
[2025-01-30] Accepted pam 1.7.0-2 (source) into unstable (Sam Hartman)
[2025-01-17] Accepted pam 1.7.0-1 (source) into experimental (Sam Hartman)
[2024-05-03] pam 1.5.3-7 MIGRATED to testing (Debian testing watch)
[2024-04-08] Accepted pam 1.5.3-7 (source) into unstable (Sam Hartman)
[2024-02-29] Accepted pam 1.5.3-6 (source) into unstable (Steve Langasek)
[2024-02-29] Accepted pam 1.5.3-5 (source) into unstable (Sam Hartman)
[2024-02-28] Accepted pam 1.5.3-4 (source) into unstable (Sam Hartman)
[2024-02-06] Accepted pam 1.5.3-3 (source) into experimental (Helmut Grohne) (signed by: Sam Hartman)
[2024-02-02] Accepted pam 1.5.3-2 (source all amd64) into experimental (Sam Hartman)
[2024-01-16] Accepted pam 1.5.3-1 (source) into experimental (Sam Hartman)
[2023-10-27] pam 1.5.2-9.1 MIGRATED to testing (Debian testing watch)
[2023-10-24] Accepted pam 1.5.2-9.1 (source) into unstable (Helmut Grohne)
[2023-10-24] Accepted pam 1.5.2-9 (source) into unstable (Sam Hartman)
[2023-10-24] Accepted pam 1.5.2-8 (source) into unstable (Helmut Grohne) (signed by: Sam Hartman)
[2023-09-23] Accepted pam 1.5.2-6+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Sam Hartman)
[2023-08-19] pam 1.5.2-7 MIGRATED to testing (Debian testing watch)
[2023-08-16] Accepted pam 1.5.2-7 (source) into unstable (Sam Hartman)
[2023-01-14] pam 1.5.2-6 MIGRATED to testing (Debian testing watch)
[2023-01-04] Accepted pam 1.5.2-6 (source) into unstable (Sam Hartman)
[2022-10-12] pam 1.5.2-5 MIGRATED to testing (Debian testing watch)
[2022-10-06] Accepted pam 1.5.2-5 (source) into unstable (Steve Langasek)
[2022-10-06] Accepted pam 1.5.2-4 (source) into unstable (Steve Langasek)
[2022-10-06] Accepted pam 1.5.2-3 (source) into unstable (Steve Langasek)
[2022-08-24] pam 1.5.2-2 MIGRATED to testing (Debian testing watch)
[2022-08-18] Accepted pam 1.5.2-2 (source) into unstable (Steve Langasek)
[2022-08-18] Accepted pam 1.5.2-1 (source) into unstable (Steve Langasek)
[2022-05-01] pam 1.4.0-13 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 98 103
RC: 0
I&N: 50 54
M&W: 48 49
F&P: 0
patch: 14 15

links

homepage
lintian (0, 14)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (87, 58)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.5.3-7ubuntu4
71 bugs (6 patches)
patches for 1.5.3-7ubuntu4