Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package pam changelog | 11 +++++++++++ patches-applied/cve-2015-3238.patch | 26 ++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff -u pam-1.1.8/debian/changelog pam-1.1.8/debian/changelog --- pam-1.1.8/debian/changelog +++ pam-1.1.8/debian/changelog @@ -1,3 +1,14 @@ +pam (1.1.8-3.6) unstable; urgency=medium + + * Non-maintainer upload. + * cve-2015-3238.patch: Add the changes in the generated pam_exec.8 + and pam_unix.8 in addition to (and after) the changes to the + source .xml files. This avoids unwanted rebuilds that can cause + problems due to differing files on different architectures of + the Multi-Arch: same libpam-modules. (Closes: #851545) + + -- Adrian Bunk <[email protected]> Sat, 27 May 2017 18:44:02 +0300 + pam (1.1.8-3.5) unstable; urgency=medium * Non-maintainer upload. diff -u pam-1.1.8/debian/patches-applied/cve-2015-3238.patch pam-1.1.8/debian/patches-applied/cve-2015-3238.patch --- pam-1.1.8/debian/patches-applied/cve-2015-3238.patch +++ pam-1.1.8/debian/patches-applied/cve-2015-3238.patch 
@@ -154,0 +155,26 @@ +--- a/modules/pam_unix/pam_unix.8 2017-05-27 15:38:27.000000000 +0000 ++++ b/modules/pam_unix/pam_unix.8 2017-05-27 15:34:49.000000000 +0000 +@@ -56,6 +56,10 @@ + \fBnoreap\fR + module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&. + .PP ++The maximum length of a password supported by the pam_unix module via the helper binary is ++\fIPAM_MAX_RESP_SIZE\fR ++\- currently 512 bytes\&. The rest of the password provided by the conversation function to the module will be ignored\&. ++.PP + The password component of this module performs the task of updating the user\*(Aqs password\&. The default encryption hash is taken from the + \fBENCRYPT_METHOD\fR + variable from +--- a/modules/pam_exec/pam_exec.8 2017-05-27 15:38:27.000000000 +0000 ++++ b/modules/pam_exec/pam_exec.8 2017-05-27 15:56:25.000000000 +0000 +@@ -65,7 +65,9 @@ + \fBexpose_authtok\fR + .RS 4 + During authentication the calling command can read the password from +-\fBstdin\fR(3)\&. ++\fBstdin\fR(3)\&. Only first ++\fIPAM_MAX_RESP_SIZE\fR ++bytes of a password are provided to the command\&. + .RE + .PP + \fBlog=\fR\fB\fIfile\fR\fR
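Review bot: The ordering requirement in the debian/changelog hunk ("in addition to (and after) the changes to the source .xml files") is recorded only in the changelog entry for 1.1.8-3.6; the lines appended to cve-2015-3238.patch carry no comment saying that the pam_unix.8 and pam_exec.8 hunks have to stay after the .xml hunks. Suggest adding a short remark to the patch saying so, so that a later refresh or reordering of the patch does not bring back the rebuilds described in #851545.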
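Review bot: The pam_unix.8 and pam_exec.8 hunks appended at @@ -154,0 +155,26 @@ are hand-added copies of generated output, so they only avoid the Multi-Arch: same mismatch if they are byte-identical to what a rebuild from the patched .xml would produce; nothing in the visible lines shows that this was checked. Please regenerate both pages once from the patched sources and diff the result against these hunks before upload. Two smaller documentation points in the same hunk: pam_unix.8 states the limit as a literal ("currently 512 bytes") while pam_exec.8 names only PAM_MAX_RESP_SIZE, and "Only first" in pam_exec.8 would read better as "Only the first"; either should change only together with the .xml source so the generated and shipped pages stay in step.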

