diff -u pam-1.1.3/debian/changelog pam-1.1.3/debian/changelog
--- pam-1.1.3/debian/changelog
+++ pam-1.1.3/debian/changelog
@@ -1,3 +1,11 @@
+pam (1.1.3-7.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix cve-2011-4708: user-configurable .pam_environment allows
+    administrator-level changes without root access (closes: #611136).
+
+ -- Michael Gilbert <mgilbert@debian.org>  Sun, 29 Apr 2012 02:23:26 -0400
+
 pam (1.1.3-7) unstable; urgency=low
 
   * Updated debconf translations:
diff -u pam-1.1.3/debian/patches-applied/series pam-1.1.3/debian/patches-applied/series
--- pam-1.1.3/debian/patches-applied/series
+++ pam-1.1.3/debian/patches-applied/series
@@ -26,0 +27 @@
+cve-2011-4708.patch
only in patch2:
unchanged:
--- pam-1.1.3.orig/debian/patches-applied/cve-2011-4708.patch
+++ pam-1.1.3/debian/patches-applied/cve-2011-4708.patch
@@ -0,0 +1,12 @@
+Description: fix cve-2011-4708: .pam_environment privilege issue
+--- pam-1.1.3.orig/modules/pam_env/pam_env.c
++++ pam-1.1.3/modules/pam_env/pam_env.c
+@@ -10,7 +10,7 @@
+ #define DEFAULT_READ_ENVFILE    1
+ 
+ #define DEFAULT_USER_ENVFILE    ".pam_environment"
+-#define DEFAULT_USER_READ_ENVFILE 1
++#define DEFAULT_USER_READ_ENVFILE 0
+ 
+ #include "config.h"
+ 
