authorSteve Langasek <vorlon@debian.org>2013-02-11 19:02:37 -0800
committerSteve Langasek <vorlon@debian.org>2019-01-08 22:11:49 -0800
commit1f362f8fbacbe742c940187199bff4b5b28c9561 (patch)
treeb3ecdc627b65ea4dcd2afe1e43d62cf4454e3a2d
parent445fb44ae72d252900dd18b4d38e4f04eb8d0299 (diff)
Confirm NMU for bug #611136; thanks to Michael Gilbert.
-rw-r--r--debian/changelog14
-rw-r--r--debian/patches-applied/cve-2011-4708.patch12
-rw-r--r--debian/patches-applied/series1
3 files changed, 27 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index c54feb60..1e124627 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+pam (1.1.3-8) UNRELEASED; urgency=low
+
+ * Confirm NMU for bug #611136; thanks to Michael Gilbert.
+
+ -- Steve Langasek <vorlon@debian.org> Mon, 11 Feb 2013 19:00:19 -0800
+
+pam (1.1.3-7.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix cve-2010-4708: user-configurable .pam_environment allows
+ administrator-level changes without root access (closes: #611136).
+
+ -- Michael Gilbert <mgilbert@debian.org> Sun, 29 Apr 2012 02:23:26 -0400
+
pam (1.1.3-7) unstable; urgency=low
* Updated debconf translations:
diff --git a/debian/patches-applied/cve-2011-4708.patch b/debian/patches-applied/cve-2011-4708.patch
new file mode 100644
index 00000000..b0413ff9
--- /dev/null
+++ b/debian/patches-applied/cve-2011-4708.patch
@@ -0,0 +1,12 @@
+Description: fix cve-2011-4708: .pam_environment privilege issue
+--- pam-1.1.3.orig/modules/pam_env/pam_env.c
++++ pam-1.1.3/modules/pam_env/pam_env.c
+@@ -10,7 +10,7 @@
+ #define DEFAULT_READ_ENVFILE 1
+
+ #define DEFAULT_USER_ENVFILE ".pam_environment"
+-#define DEFAULT_USER_READ_ENVFILE 1
++#define DEFAULT_USER_READ_ENVFILE 0
+
+ #include "config.h"
+
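Review bot: The CVE number in this patch's file name and `Description:` line (cve-2011-4708) does not match the changelog entry added in the same commit, which records the fix for bug #611136 as cve-2010-4708; the two should agree so the fix can be traced from a security tracker. The patch header would also benefit from the bug reference and a statement of the behaviour change, for example `Bug-Debian: https://bugs.debian.org/611136` plus a line saying that `~/.pam_environment` is no longer read unless explicitly enabled. Changing `DEFAULT_USER_READ_ENVFILE` to 0 only alters the compiled-in default, so any PAM configuration that sets `user_readenv=1` presumably keeps the old behaviour. The option handling is outside this hunk, so that is worth confirming and noting for administrators.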
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index 9006ae52..46b106af 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -24,3 +24,4 @@ no_PATH_MAX_on_hurd
lib_security_multiarch_compat
pam_env-fix-overflow.patch
pam_env-fix-dos.patch
+cve-2011-4708.patch