[Bug 1411225] Re: bad pam stack allows introducing any password on all users
[Expired for libpam-script (Ubuntu) because there has been no activity for 60 days.] ** Changed in: libpam-script (Ubuntu) Status: Incomplete = Expired -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1411225 Title: bad pam stack allows introducing any password on all users To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-script/+bug/1411225/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1411225] Re: bad pam stack allows introducing any password on all users
I've confirmed that /usr/share/pam-configs/pam_script is NOT part of upstream package. There's even a warning in docs regarding PAM stack: Pam_script.so is listed as required so failures will affect the outcome of the PAM stack, particularly for authentication, which will lock a user with greater than deny login failures. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1411225 Title: bad pam stack allows introducing any password on all users To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-script/+bug/1411225/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1411225] Re: bad pam stack allows introducing any password on all users
I think profile belongs to package mantainer, not upstream. at least that's what I can see on http://packages.ubuntu.com/trusty /libpam-script just take a look at: http://archive.ubuntu.com/ubuntu/pool/universe/libp/libpam-script/libpam-script_1.1.6-1.debian.tar.gz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1411225 Title: bad pam stack allows introducing any password on all users To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-script/+bug/1411225/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1411225] Re: bad pam stack allows introducing any password on all users
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Changed in: libpam-script (Ubuntu) Status: New = Incomplete ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1411225 Title: bad pam stack allows introducing any password on all users To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-script/+bug/1411225/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs