-
pam (1.1.8-3.6) unstable; urgency=medium
* Non-maintainer upload.
* cve-2015-3238.patch: Add the changes in the generated pam_exec.8
and pam_unix.8 in addition to (and after) the changes to the
source .xml files. This avoids unwanted rebuilds that can cause
problems due to differing files on different architectures of
the Multi-Arch: same libpam-modules. (Closes: #851545)
-- Adrian Bunk <email address hidden> Sat, 27 May 2017 18:44:02 +0300
-
pam (1.1.8-3.5) unstable; urgency=medium
* Non-maintainer upload.
* Build-Depend on libfl-dev:native as well, for cross builds.
Re-closes: #846459
* Fix "Unescaped left brace in regex" with Perl 5.22. Closes: #810873
-- Adam Borowski <email address hidden> Fri, 30 Dec 2016 14:37:29 +0100
-
pam (1.1.8-3.4) unstable; urgency=medium
* Non-maintainer upload.
* Add libfl-dev to Build-Depends, fixing FTBFS. Closes: #846459
* Move xsl stuff to Build-Depends from -Indep to fix misbuilt manpages.
Closes: #812566
-- Adam Borowski <email address hidden> Sun, 18 Dec 2016 01:03:58 +0100
-
pam (1.1.8-3.3) unstable; urgency=low
* Non-maintainer upload.
[ Steve Langasek ]
* Updated Swedish translation to correct a typo, thanks to Anders Jonsson
and Martin Bagge. Closes: #743875
* Updated Turkish translation, thanks to Mert Dirik <email address hidden>.
(closes: #756756)
* d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default
soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak
<email address hidden> for the patch. Closes: #783105.
* Acknowledge security NMU.
* pam-auth-update: don't mishandle trailing whitespace in profiles.
LP: #1487103.
[ Laurent Bigonville ]
* debian/control: Fix Vcs-* and Homepage fields (Closes: #752343)
* debian/watch: Update watch file and point it to http://www.linux-pam.org
* debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in
namespace.init script (Closes: #624842)
* debian/control: Build-depends against debhelper (>= 9) to match the
defined debhelper compatibility
* Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality,
thanks to Jakub Wilk <email address hidden> for noticing (Closes: #761594)
* debian/control: Bump Standards-Version to 3.9.8 (no further changes)
* debian/libpam-doc.doc-base.applications-guide: Fix spelling
* debian/libpam0g-dev.examples: Do not use shell brace expansion
* debian/patches-applied/pam-loginuid-in-containers: Updated with the version
from Ubuntu, this should fix logins in containers (Closes: #726661)
* debian/patches-applied/update-motd: Updated with the version from Ubuntu:
use /run/motd.dynamic instead of /var/run/motd, nothing in the archive
uses the later (Closes: #743286)
* debian/patches-applied/make_documentation_reproducible.patch: Make the
build reproducible, removes differences when building with different
locale values (Closes: #792127)
-- Laurent Bigonville <email address hidden> Wed, 18 May 2016 02:04:29 +0200
-
pam (1.1.8-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix
module (Closes: #789986)
-- Tianon Gravi <email address hidden> Wed, 06 Jan 2016 15:53:31 -0800
-
pam (1.1.8-3.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix CVE-2013-7041: case-insensitive comparison used for verifying
passwords in the pam_userdb module (closes: #731368).
* Fix CVE-2014-2583: multiple directory traversal issues in the
pam_timestamp module (closes: 757555)
-- Michael Gilbert <email address hidden> Sat, 09 Aug 2014 09:50:42 +0000
