-rw-r--r--debian/changelog6
-rw-r--r--debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch32
-rw-r--r--debian/patches-applied/pam_mail-fix-quiet4
-rw-r--r--debian/patches-applied/series1
4 files changed, 40 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog
index 8666f373..e425b3ae 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,7 +24,11 @@ pam (1.0.1-10) UNRELEASED; urgency=low
* debian/patches/update-motd: run the update-motd scripts in pam_motd;
render update-motd obsolete, LP: #399071
- -- Steve Langasek <vorlon@debian.org> Sun, 22 Mar 2009 20:36:14 -0700
+ [ Sam Hartman ]
+ * cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem
+ (CVE-2009-0887) (Closes: #520115)
+
+ -- Sam Hartman <hartmans@debian.org> Fri, 24 Jul 2009 12:24:01 -0400
pam (1.0.1-9) unstable; urgency=low
diff --git a/debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch b/debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch
new file mode 100644
index 00000000..e44bc91a
--- /dev/null
+++ b/debian/patches-applied/cve-2009-0887-libpam-pam_misc.patch
@@ -0,0 +1,32 @@
+Patch for cve-2009-0887
+int rather than unsigned char is used to index an array.
+
+upstream status: fixed upstream
+
+Index: sid/libpam/pam_misc.c
+===================================================================
+--- sid.orig/libpam/pam_misc.c 2009-07-24 12:22:34.000000000 -0400
++++ sid/libpam/pam_misc.c 2009-07-24 12:22:45.000000000 -0400
+@@ -59,10 +59,11 @@
+
+ /* initialize table */
+ for (i=1; i<256; table[i++] = '\0');
+- for (i=0; format[i] ; table[(int)format[i++]] = 'y');
++ for (i=0; format[i] ;
++ table[(unsigned char)format[i++]] = 'y');
+
+ /* look for first non-format char */
+- while (*from && table[(int)*from]) {
++ while (*from && table[(unsigned char)*from]) {
+ ++from;
+ }
+
+@@ -92,7 +93,7 @@
+ remains */
+ } else if (*from) {
+ /* simply look for next blank char */
+- for (end=from; *end && !table[(int)*end]; ++end);
++ for (end=from; *end && !table[(unsigned char)*end]; ++end);
+ } else {
+ return (*next = NULL); /* no tokens left */
+ }
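Review bot: The header line `upstream status: fixed upstream` should name the upstream commit or release that carries this fix, so the patch can be checked against it and dropped at the next upstream merge. The cast itself is the right fix: on targets where `char` is signed, any byte at or above 0x80 in the string being tokenized converts to a negative `int`, and `table[(int)*from]` reads outside the 256-entry `table` (sized by the init loop `for (i=1; i<256; ...)`), whereas `(unsigned char)` bounds the index to 0..255 (the same hazard is why `<ctype.h>`-style lookups take `unsigned char`). Only three index sites are patched; if `pam_misc.c` indexes `table` anywhere outside these two hunks, those sites need the same cast, which cannot be confirmed from this view. A short comment at the first cast, `/* cast to unsigned char: a signed char >= 0x80 would index table[] with a negative value (CVE-2009-0887) */`, would keep a later cleanup from reverting it to `(int)`. The enclosing function starts before and ends after both inner hunks, so its `table` declaration and any remaining uses are not visible here.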
diff --git a/debian/patches-applied/pam_mail-fix-quiet b/debian/patches-applied/pam_mail-fix-quiet
index 7673effa..b85637ca 100644
--- a/debian/patches-applied/pam_mail-fix-quiet
+++ b/debian/patches-applied/pam_mail-fix-quiet
@@ -5,8 +5,8 @@ Upstream status: applied in upstream CVS September 2008
Index: sid/modules/pam_mail/pam_mail.c
===================================================================
---- sid.orig/modules/pam_mail/pam_mail.c 2009-05-30 17:02:33.000000000 -0400
-+++ sid/modules/pam_mail/pam_mail.c 2009-05-30 17:20:28.000000000 -0400
+--- sid.orig/modules/pam_mail/pam_mail.c 2009-07-21 04:31:54.000000000 -0400
++++ sid/modules/pam_mail/pam_mail.c 2009-07-24 12:16:47.000000000 -0400
@@ -303,8 +303,13 @@
{
int retval;
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index 3e763c96..f9ba7482 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -26,3 +26,4 @@ pam_1.0.4_mindays
update-motd
pam_mail-fix-quiet
+cve-2009-0887-libpam-pam_misc.patch