From 1f362f8fbacbe742c940187199bff4b5b28c9561 Mon Sep 17 00:00:00 2001
From: Steve Langasek
Date: Mon, 11 Feb 2013 19:02:37 -0800
Subject: Confirm NMU for bug #611136; thanks to Michael Gilbert.

---
 debian/changelog | 14 ++++++++++++++
 debian/patches-applied/cve-2011-4708.patch | 12 ++++++++++++
 debian/patches-applied/series | 1 +
 3 files changed, 27 insertions(+)
 create mode 100644 debian/patches-applied/cve-2011-4708.patch

diff --git a/debian/changelog b/debian/changelog
index c54feb60..1e124627 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+pam (1.1.3-8) UNRELEASED; urgency=low
+
+ * Confirm NMU for bug #611136; thanks to Michael Gilbert.
+
+ -- Steve Langasek Mon, 11 Feb 2013 19:00:19 -0800
+
+pam (1.1.3-7.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix cve-2010-4708: user-configurable .pam_environment allows
+ administrator-level changes without root access (closes: #611136).
+
+ -- Michael Gilbert Sun, 29 Apr 2012 02:23:26 -0400
+
 pam (1.1.3-7) unstable; urgency=low
 
 * Updated debconf translations:
diff --git a/debian/patches-applied/cve-2011-4708.patch b/debian/patches-applied/cve-2011-4708.patch
new file mode 100644
index 00000000..b0413ff9
--- /dev/null
+++ b/debian/patches-applied/cve-2011-4708.patch
@@ -0,0 +1,12 @@
+Description: fix cve-2011-4708: .pam_environment privilege issue
+--- pam-1.1.3.orig/modules/pam_env/pam_env.c
++++ pam-1.1.3/modules/pam_env/pam_env.c
+@@ -10,7 +10,7 @@
+ #define DEFAULT_READ_ENVFILE 1
+
+ #define DEFAULT_USER_ENVFILE ".pam_environment"
+-#define DEFAULT_USER_READ_ENVFILE 1
++#define DEFAULT_USER_READ_ENVFILE 0
+
+ #include "config.h"
+
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index 9006ae52..46b106af 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -24,3 +24,4 @@ no_PATH_MAX_on_hurd
 lib_security_multiarch_compat
 pam_env-fix-overflow.patch
 pam_env-fix-dos.patch
+cve-2011-4708.patch
-- 
cgit v1.2.3
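Review bot: The new patch file is named `cve-2011-4708.patch` and its `Description:` line says cve-2011-4708, but the changelog entry added in the same commit records the fix as cve-2010-4708; the two identifiers should agree, otherwise CVE tracking that matches on patch names or changelog text will miss one of them. The changelog value, tied to #611136, looks like the intended one (confirm against the bug), which would make the header `Description: fix cve-2010-4708: .pam_environment privilege issue`, with the file name and its `series` entry renamed to match. The header also carries no origin or bug reference; a line such as `Bug-Debian: https://bugs.debian.org/611136` would let an auditor trace the change. Separately, flipping `DEFAULT_USER_READ_ENVFILE` to 0 only changes the compiled-in default, so any service configuration that passes `user_readenv=1` explicitly still reads the user's file, and the module documentation (not visible here) presumably still states the old default and should be updated with it.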