pam: CVE-2009-0887 integer signedness error could lead to DoS or authentication bypass


Debian Bug report logs - #520115
pam: CVE-2009-0887 integer signedness error could lead to DoS or authentication bypass


Package: pam; Maintainer for pam is Steve Langasek <vorlon@debian.org>;

Reported by: Nico Golde <nion@debian.org>

Date: Tue, 17 Mar 2009 14:15:01 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version 0.79-4

Fixed in versions 1.0.1-5+lenny1, 0.79-5+etch4, pam/1.0.1-10

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#520115; Package pam. (Tue, 17 Mar 2009 14:15:03 GMT).


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Steve Langasek <vorlon@debian.org>. (Tue, 17 Mar 2009 14:15:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: pam: CVE-2009-0887 integer signedness error could lead to DoS or authentication bypass
Date: Tue, 17 Mar 2009 15:11:52 +0100
Source: pam
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for pam.

CVE-2009-0887[0]:
| Integer signedness error in the _pam_StrTok function in
| libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a
| configuration file contains non-ASCII usernames, might allow remote
| attackers to cause a denial of service, and might allow remote
| authenticated users to obtain login access with a different user's
| non-ASCII username, via a login attempt.

Upstream patch:
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/libpam/pam_misc.c?r1=1.9&r2=1.10&view=patch

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0887
    http://security-tracker.debian.net/tracker/CVE-2009-0887

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
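Added example, not part of this bug log, the Debian package or Linux-PAM: a stand-alone C model of the signedness error the CVE text above describes. _pam_StrTok() looks up delimiter bytes in a 256-entry table on the stack; before the fix the plain char being looked up was widened to int, so on an ABI where char is signed (x86, x86-64) every byte >= 0x80, which is every byte of a UTF-8 username, produces a negative index and the table access lands outside the array. The fixed variant widens through unsigned char, which is the change the upstream pam_misc.c diff makes. The tokenizer below is a simplification of _pam_StrTok (it does not handle the bracketed [...] control syntax), the vulnerable index computation is kept as a pure function that is never used to index anything so the program stays well-defined, and the sample configuration line and username are constructed for the example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Pre-fix indexing: the char is widened straight to int. With a signed
 * plain char (x86, x86-64 Linux) the byte 0xC3 becomes -61 and the code
 * touches table[-61]. Only returned here, never used as an index. */
int index_vulnerable(char c)
{
    return (int)c;
}

/* Post-fix indexing: widen through unsigned char first, always 0..255. */
int index_fixed(char c)
{
    return (int)(unsigned char)c;
}

/* Bytes of s that would index outside table[0..255] under the pre-fix
 * cast; zero on a platform where plain char is unsigned. */
size_t count_oob_indices(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        int i = index_vulnerable(*s);
        if (i < 0 || i > 255)
            n++;
    }
    return n;
}

/* Re-entrant splitter built the way _pam_StrTok is: a 256-entry delimiter
 * table indexed by byte value. Skips leading delimiters, NUL-terminates
 * the token, stores the resume point in *next, returns NULL at the end. */
char *safe_strtok(char *from, const char *delims, char **next)
{
    unsigned char table[256];
    char *end;

    memset(table, 0, sizeof table);
    for (; *delims; delims++)
        table[index_fixed(*delims)] = 1;
    while (*from && table[index_fixed(*from)])
        from++;
    if (*from == '\0') {
        *next = from;
        return NULL;
    }
    for (end = from; *end && !table[index_fixed(*end)]; end++)
        ;
    if (*end)
        *end++ = '\0';
    *next = end;
    return from;
}

/* Split one PAM config line on blanks and tabs into at most max tokens. */
size_t split_line(char *line, char **tok, size_t max)
{
    char *next = line, *t;
    size_t n = 0;
    while (n < max && (t = safe_strtok(next, " \t", &next)) != NULL)
        tok[n++] = t;
    return n;
}

/* Constructed sample, not from any real system: a pam_succeed_if-style
 * line naming the user "jürgen", whose ü is the UTF-8 byte pair C3 BC. */
static const char SAMPLE_LINE[] =
    "auth required pam_succeed_if.so user = j\xC3\xBCrgen";
static const char SAMPLE_USER[] = "j\xC3\xBCrgen";

/* Tokenise a private copy of SAMPLE_LINE into tok; returns the count. */
static size_t tokenize_sample(char *buf, char **tok)
{
    memcpy(buf, SAMPLE_LINE, sizeof SAMPLE_LINE);
    return split_line(buf, tok, 16);
}

/* Token count of SAMPLE_LINE if its last token is the username intact,
 * byte for byte; 0 if the non-ASCII bytes were split or mangled. */
size_t sample_tokens_if_user_intact(void)
{
    char buf[sizeof SAMPLE_LINE], *tok[16];
    size_t n = tokenize_sample(buf, tok);
    return (n > 0 && strcmp(tok[n - 1], SAMPLE_USER) == 0) ? n : 0;
}

int main(void)
{
    char buf[sizeof SAMPLE_LINE], *tok[16];
    size_t i, n = tokenize_sample(buf, tok);
    for (i = 0; i < n; i++)
        printf("token[%zu] = \"%s\"\n", i, tok[i]);
    printf("pre-fix out-of-bounds indices: %zu (CHAR_MIN = %d)\n",
           count_oob_indices(SAMPLE_LINE), CHAR_MIN);
    return 0;
}
```

The two index helpers are the whole bug. On a signed-char ABI the loop that marks delimiter bytes writes to table[negative], i.e. to stack memory below the array, and the scan loops read from there, which is the crash or mis-tokenisation of a non-ASCII username that the CVE text describes; on an unsigned-char ABI the same source is harmless, which is why the test below conditions on CHAR_MIN rather than assuming one platform. Any configuration line carrying a UTF-8 username reaches this path.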

Severity set to `important' from `grave' Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Tue, 17 Mar 2009 14:48:06 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Steve Langasek <vorlon@debian.org>:
Bug#520115; Package pam. (Tue, 17 Mar 2009 14:54:03 GMT).


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Steve Langasek <vorlon@debian.org>. (Tue, 17 Mar 2009 14:54:03 GMT).


Message #12 received at 520115@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 520115@bugs.debian.org
Subject: Re: pam: CVE-2009-0887 integer signedness error could lead to DoS or authentication bypass
Date: Tue, 17 Mar 2009 15:52:07 +0100
Hi,
I set the severity to important for now as this can't really 
be triggered by an attacker but needs interaction from the 
administrator. Maybe we should even handle this as a regular 
bug rather than a security issue.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Tags added: upstream, fixed-upstream Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Tue, 17 Mar 2009 20:30:03 GMT).


Bug marked as found in version 0.79-4. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Sat, 21 Mar 2009 01:06:02 GMT).


Reply sent to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
You have taken responsibility. (Tue, 24 Mar 2009 08:12:03 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Tue, 24 Mar 2009 08:12:03 GMT).


Message #21 received at 520115-close@bugs.debian.org:

From: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
To: 520115-close@bugs.debian.org
Subject: Bug#520115: fixed in pam 1.0.1-5+lenny1
Date: Tue, 24 Mar 2009 07:53:37 +0000
Source: pam
Source-Version: 1.0.1-5+lenny1

We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive:

libpam-cracklib_1.0.1-5+lenny1_i386.deb
  to pool/main/p/pam/libpam-cracklib_1.0.1-5+lenny1_i386.deb
libpam-doc_1.0.1-5+lenny1_all.deb
  to pool/main/p/pam/libpam-doc_1.0.1-5+lenny1_all.deb
libpam-modules_1.0.1-5+lenny1_i386.deb
  to pool/main/p/pam/libpam-modules_1.0.1-5+lenny1_i386.deb
libpam-runtime_1.0.1-5+lenny1_all.deb
  to pool/main/p/pam/libpam-runtime_1.0.1-5+lenny1_all.deb
libpam0g-dev_1.0.1-5+lenny1_i386.deb
  to pool/main/p/pam/libpam0g-dev_1.0.1-5+lenny1_i386.deb
libpam0g_1.0.1-5+lenny1_i386.deb
  to pool/main/p/pam/libpam0g_1.0.1-5+lenny1_i386.deb
pam_1.0.1-5+lenny1.diff.gz
  to pool/main/p/pam/pam_1.0.1-5+lenny1.diff.gz
pam_1.0.1-5+lenny1.dsc
  to pool/main/p/pam/pam_1.0.1-5+lenny1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 520115@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> (supplier of updated pam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 17 Mar 2009 18:51:07 +0100
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source all i386
Version: 1.0.1-5+lenny1
Distribution: stable
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 520115
Changes: 
 pam (1.0.1-5+lenny1) stable; urgency=high
 .
   * Security NMU, high urgency.
   * Fix signedness error in _pam_StrTok(), CVE-2009-0887.
     Closes: #520115.
Checksums-Sha1: 
 08f79c5853de45e71ee8e6a0e42b1e5c237e3dfc 1508 pam_1.0.1-5+lenny1.dsc
 2bf3eedc4e4c67ee99baee1b2882ab3e74e44b12 145990 pam_1.0.1-5+lenny1.diff.gz
 0cebb023da329157444c84bb1214da3735ef3513 165310 libpam-runtime_1.0.1-5+lenny1_all.deb
 2a9a3f9cd5ce6930b1cb2b1a0706ab8f72720152 294510 libpam-doc_1.0.1-5+lenny1_all.deb
 6e76844bca68041b5ae0f03547028ccfc83b54d1 103594 libpam0g_1.0.1-5+lenny1_i386.deb
 b1a1ea3fc1043eab6b9b1707677f39b0098e4b03 293958 libpam-modules_1.0.1-5+lenny1_i386.deb
 963150db6ca491f1e5e88106775a6c3052719b99 162096 libpam0g-dev_1.0.1-5+lenny1_i386.deb
 fa668d15085532c69565f0bead57db25d6971bf5 65438 libpam-cracklib_1.0.1-5+lenny1_i386.deb
Checksums-Sha256: 
 2c6c6f1c5d4bb1492f5a05e9ee659db6d87dc44a1de26b571eed912e3c845e84 1508 pam_1.0.1-5+lenny1.dsc
 fbefd3d5cd60e6c34c645ae8e4315aeca857343037cb23583c1328db7872e672 145990 pam_1.0.1-5+lenny1.diff.gz
 3d2f29c308844e09ac72e4b914fb99d93b8e898f68b6de11e67d453ae1307ba7 165310 libpam-runtime_1.0.1-5+lenny1_all.deb
 d34263dab615cf6254a4debd79e07eb802b9dbd9193397028a8fee9f139428bb 294510 libpam-doc_1.0.1-5+lenny1_all.deb
 2b77bbe7bf33e7108a89e1b4301c7d270c9f41e2036aa397881f0c597274e7ea 103594 libpam0g_1.0.1-5+lenny1_i386.deb
 492557dc26bf62827b027362f88750a8b904700dc4b063f81a780f9741c3d212 293958 libpam-modules_1.0.1-5+lenny1_i386.deb
 90beaf63e380ae98e93d83b175052282083008f502797e9bba2b699702c5dc43 162096 libpam0g-dev_1.0.1-5+lenny1_i386.deb
 c701e1f9565c94d121320d331c30beaf49cce07c110b2f28536f8b7ddcd94e6f 65438 libpam-cracklib_1.0.1-5+lenny1_i386.deb
Files: 
 2aae14803005104cc30a7bcdda9d75eb 1508 libs optional pam_1.0.1-5+lenny1.dsc
 6caa1adbcfa4183f6c5e44714da83164 145990 libs optional pam_1.0.1-5+lenny1.diff.gz
 5ae1f212c4b27e83e2241c600cb8ace0 165310 admin required libpam-runtime_1.0.1-5+lenny1_all.deb
 ff96edd761a0a34d1bf8932628e95451 294510 doc optional libpam-doc_1.0.1-5+lenny1_all.deb
 7194529c3dd2e201ffc3c1f7a85a934c 103594 libs required libpam0g_1.0.1-5+lenny1_i386.deb
 2b1f6392b59d4de7ce5aa514507ed65c 293958 libs required libpam-modules_1.0.1-5+lenny1_i386.deb
 a4ea49a731dcce3b93c1de11456e5344 162096 libdevel optional libpam0g-dev_1.0.1-5+lenny1_i386.deb
 f0f37eb0ef282632e5f7cb2cdfc0db00 65438 libs optional libpam-cracklib_1.0.1-5+lenny1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknAO2AACgkQHYflSXNkfP8oQQCdFZ7huiTyLocWBEq+oicIcq12
+zwAn1wMPGqQcSGJih9rS59bOPArQ85C
=hKg4
-----END PGP SIGNATURE-----





Reply sent to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
You have taken responsibility. (Tue, 24 Mar 2009 20:12:20 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Tue, 24 Mar 2009 20:12:21 GMT).


Message #26 received at 520115-close@bugs.debian.org:

From: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
To: 520115-close@bugs.debian.org
Subject: Bug#520115: fixed in pam 0.79-5+etch4
Date: Tue, 24 Mar 2009 19:53:40 +0000
Source: pam
Source-Version: 0.79-5+etch4

We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive:

libpam-cracklib_0.79-5+etch4_i386.deb
  to pool/main/p/pam/libpam-cracklib_0.79-5+etch4_i386.deb
libpam-doc_0.79-5+etch4_all.deb
  to pool/main/p/pam/libpam-doc_0.79-5+etch4_all.deb
libpam-modules_0.79-5+etch4_i386.deb
  to pool/main/p/pam/libpam-modules_0.79-5+etch4_i386.deb
libpam-runtime_0.79-5+etch4_all.deb
  to pool/main/p/pam/libpam-runtime_0.79-5+etch4_all.deb
libpam0g-dev_0.79-5+etch4_i386.deb
  to pool/main/p/pam/libpam0g-dev_0.79-5+etch4_i386.deb
libpam0g_0.79-5+etch4_i386.deb
  to pool/main/p/pam/libpam0g_0.79-5+etch4_i386.deb
pam_0.79-5+etch4.diff.gz
  to pool/main/p/pam/pam_0.79-5+etch4.diff.gz
pam_0.79-5+etch4.dsc
  to pool/main/p/pam/pam_0.79-5+etch4.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 520115@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de> (supplier of updated pam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 17 Mar 2009 22:29:19 +0100
Source: pam
Binary: libpam0g-dev libpam0g libpam-modules libpam-doc libpam-runtime libpam-cracklib
Architecture: source i386 all
Version: 0.79-5+etch4
Distribution: oldstable
Urgency: high
Maintainer: Sam Hartman <hartmans@debian.org>
Changed-By: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 520115
Changes: 
 pam (0.79-5+etch4) oldstable; urgency=high
 .
   * Security NMU, high urgency.
   * Fix signedness error in _pam_StrTok(), CVE-2009-0887.
     Closes: #520115.
Files: 
 2950f9ad56b140b065d46032ea343a9e 990 libs optional pam_0.79-5+etch4.dsc
 0988f7bab0212a8b0b2e45dbe0efcd64 137339 libs optional pam_0.79-5+etch4.diff.gz
 577d30df5573e424f6c45c369b1fbd8d 64570 admin required libpam-runtime_0.79-5+etch4_all.deb
 ef3961b28a429b3abbdfa6ac26798c6b 732360 doc optional libpam-doc_0.79-5+etch4_all.deb
 bbe9f13efb3d2ecc2b17d95d173ed7f7 80678 libs required libpam0g_0.79-5+etch4_i386.deb
 085040a84b3094b193ef7a299b0c8993 187798 libs required libpam-modules_0.79-5+etch4_i386.deb
 650cd54cb72369614650cd40f49698cd 119750 libdevel optional libpam0g-dev_0.79-5+etch4_i386.deb
 651638be65d45eb7e507fc791ffa8697 59450 libs optional libpam-cracklib_0.79-5+etch4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknAO1UACgkQHYflSXNkfP9bAACfSeSNqVOUWAGfOOXrg4P2dETK
y+sAnjpx9EetPdyoh+CgUmlkBAH9m0sX
=8R/D
-----END PGP SIGNATURE-----





Reply sent to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
You have taken responsibility. (Thu, 09 Apr 2009 17:27:05 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Thu, 09 Apr 2009 17:27:05 GMT).


Message #31 received at 520115-close@bugs.debian.org:

From: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
To: 520115-close@bugs.debian.org
Subject: Bug#520115: fixed in pam 0.79-5+etch4
Date: Thu, 09 Apr 2009 17:11:02 +0000


Reply sent to Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>:
You have taken responsibility. (Sat, 11 Apr 2009 17:18:10 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Sat, 11 Apr 2009 17:18:10 GMT).


Message #36 received at 520115-close@bugs.debian.org:

From: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
To: 520115-close@bugs.debian.org
Subject: Bug#520115: fixed in pam 1.0.1-5+lenny1
Date: Sat, 11 Apr 2009 16:47:36 +0000


Bug marked as found in version 1.0.1-9 and reopened. Request was from Laurent Bonnaud <Laurent.Bonnaud@inpg.fr> to control@bugs.debian.org. (Thu, 02 Jul 2009 15:06:03 GMT).


Bug no longer marked as found in version 1.0.1-9. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Fri, 03 Jul 2009 07:24:03 GMT).


Added tag(s) pending. Request was from Sam Hartman <hartmans@debian.org> to control@bugs.debian.org. (Fri, 24 Jul 2009 16:36:05 GMT).


Reply sent to Steve Langasek <vorlon@debian.org>:
You have taken responsibility. (Fri, 07 Aug 2009 10:24:22 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Fri, 07 Aug 2009 10:24:22 GMT).


Message #47 received at 520115-close@bugs.debian.org:

From: Steve Langasek <vorlon@debian.org>
To: 520115-close@bugs.debian.org
Subject: Bug#520115: fixed in pam 1.0.1-10
Date: Fri, 07 Aug 2009 09:48:15 +0000
Source: pam
Source-Version: 1.0.1-10

We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive:

libpam-cracklib_1.0.1-10_amd64.deb
  to pool/main/p/pam/libpam-cracklib_1.0.1-10_amd64.deb
libpam-doc_1.0.1-10_all.deb
  to pool/main/p/pam/libpam-doc_1.0.1-10_all.deb
libpam-modules_1.0.1-10_amd64.deb
  to pool/main/p/pam/libpam-modules_1.0.1-10_amd64.deb
libpam-runtime_1.0.1-10_all.deb
  to pool/main/p/pam/libpam-runtime_1.0.1-10_all.deb
libpam0g-dev_1.0.1-10_amd64.deb
  to pool/main/p/pam/libpam0g-dev_1.0.1-10_amd64.deb
libpam0g_1.0.1-10_amd64.deb
  to pool/main/p/pam/libpam0g_1.0.1-10_amd64.deb
pam_1.0.1-10.diff.gz
  to pool/main/p/pam/pam_1.0.1-10.diff.gz
pam_1.0.1-10.dsc
  to pool/main/p/pam/pam_1.0.1-10.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 520115@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Langasek <vorlon@debian.org> (supplier of updated pam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 06 Aug 2009 17:54:32 +0100
Source: pam
Binary: libpam0g libpam-modules libpam-runtime libpam0g-dev libpam-cracklib libpam-doc
Architecture: source all amd64
Version: 1.0.1-10
Distribution: unstable
Urgency: high
Maintainer: Steve Langasek <vorlon@debian.org>
Changed-By: Steve Langasek <vorlon@debian.org>
Description: 
 libpam-cracklib - PAM module to enable cracklib support
 libpam-doc - Documentation of PAM
 libpam-modules - Pluggable Authentication Modules for PAM
 libpam-runtime - Runtime support for the PAM library
 libpam0g   - Pluggable Authentication Modules library
 libpam0g-dev - Development files for PAM
Closes: 439268 514437 519927 520115 520785 521530 521874 524285
Changes: 
 pam (1.0.1-10) unstable; urgency=high
 .
   [ Steve Langasek ]
   * Updated debconf translations:
     - Finnish, thanks to Esko Arajärvi <edu@iki.fi> (closes: #520785)
     - Russian, thanks to Yuri Kozlov <yuray@komyakino.ru> (closes: #521874)
     - German, thanks to Sven Joachim <svenjoac@gmx.de> (closes: #521530)
     - Basque, thanks to Piarres Beobide <pi+debian@beobide.net>
       (closes: #524285)
   * When no profiles are chosen in pam-auth-update, throw an error message
     and prompt again instead of letting the user end up with an insecure
     system.  This introduces a new debconf template.  Closes: #519927,
     LP: #410171.
 .
   [ Kees Cook ]
   * Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes
     for MINDAYS-Field regression (closes: #514437).
   * debian/control: add missing misc:Depends for packages that need it.
 .
   [ Sam Hartman ]
   * Remove conflicts information for transitions prior to woody release
   * Fix lintian overrides for libpam-runtime
   * Overrides for lintian finding quilt patches
   * pam_mail-fix-quiet: patch from Andreas Henriksson
     applied upstream to fix quiet option of pam_mail, Closes: #439268
 .
   [ Dustin Kirkland ]
   * debian/patches/update-motd: run the update-motd scripts in pam_motd;
     render update-motd obsolete, LP: #399071
 .
   [ Sam Hartman ]
   * cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem
     (CVE-2009-0887) (Closes: #520115)
Checksums-Sha1: 
 a34c54b08bdbdb2b449fc4ea7f698c6a6544ca83 1476 pam_1.0.1-10.dsc
 2352cfcab3b9dfd58288f689dd8185f6e25ff5c3 168757 pam_1.0.1-10.diff.gz
 1c0f22a6142387a89fb61f0c64e3d2b365fb4472 185302 libpam-runtime_1.0.1-10_all.deb
 82e4437148dd3eb0339f823efca1542f3a8936e3 290030 libpam-doc_1.0.1-10_all.deb
 89593e28667fbd096a603e9aa671182a7b9e76dc 107424 libpam0g_1.0.1-10_amd64.deb
 ba5ee564239ccc995c70dcd9e026ddf37b683acb 308352 libpam-modules_1.0.1-10_amd64.deb
 91e97cfca222cbbf1759622f7f6e16a97aad0385 164620 libpam0g-dev_1.0.1-10_amd64.deb
 3622324c43229759bdf46b08f6c99400f0c69c5f 67122 libpam-cracklib_1.0.1-10_amd64.deb
Checksums-Sha256: 
 524ad52a2cb21ef2d7d0b3e789502b6b018331d8762ea1b8fc2d1ad3c846893f 1476 pam_1.0.1-10.dsc
 3a77a847b3047e953c21d20eac91fb5082abe2aaafbd60c3fa67b916b8a9541a 168757 pam_1.0.1-10.diff.gz
 bcc1d318615ca39e42b3ff096d740269d98f767bf91ff0fa556d49ca39afd09c 185302 libpam-runtime_1.0.1-10_all.deb
 f265f0f496c38f6090423dde359af0d94ffef70f316f46e91ceb3356d047d714 290030 libpam-doc_1.0.1-10_all.deb
 d5550e7e11f46084c8f90f14cc270791dcdbb034bce72e565182923ed3fad85b 107424 libpam0g_1.0.1-10_amd64.deb
 295ed8f48dd1d80f5c838d2832ee4277afb7ef5c34f154fd0a7003fabb71f8c5 308352 libpam-modules_1.0.1-10_amd64.deb
 0e857df2a93516c824b32fd3a0d429b0ff60d9d4071f5c9aef6f9648de824aa5 164620 libpam0g-dev_1.0.1-10_amd64.deb
 bf473afe6779e4abe1c5db16cea16c7624f147be97ca9bb98ac4c7654e32ed07 67122 libpam-cracklib_1.0.1-10_amd64.deb
Files: 
 e855122d140c1a44924fb54626054589 1476 libs optional pam_1.0.1-10.dsc
 92722914c958c0a61b824ff3279a761c 168757 libs optional pam_1.0.1-10.diff.gz
 fd6d366f7937cdcb815324567c7687e4 185302 admin required libpam-runtime_1.0.1-10_all.deb
 1bb98d626982f15d37a2067fd5bbdf53 290030 doc optional libpam-doc_1.0.1-10_all.deb
 dc49fdff0e24efdcc8e565b62313a4e5 107424 libs required libpam0g_1.0.1-10_amd64.deb
 e8b87833baa1ab14e81cd07e1d625ab2 308352 admin required libpam-modules_1.0.1-10_amd64.deb
 58844a1f9adfd79ee6418857b343fc2c 164620 libdevel optional libpam0g-dev_1.0.1-10_amd64.deb
 d5b97024de0f82e6a0342c0a1ae4e6b5 67122 admin optional libpam-cracklib_1.0.1-10_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKe+8IKN6ufymYLloRAmILAKCsex73eImP7a223I7bL736aBJSxACeIncJ
4BG4q4uLjYnmhrb90deF6Ak=
=wLvA
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 09 Sep 2009 07:31:08 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:49:53 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.