| Summary: | <sys-libs/pam-1.2.1: username enumeration and denial of service attack (CVE-2015-3238) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | pam-bugs+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2015/06/25/13 | | |
| Whiteboard: | A3 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2015-06-26 09:27:33 UTC
Commit message: Version bump
http://sources.gentoo.org/sys-libs/pam/pam-1.2.1.ebuild?rev=1.1

pam-1.2.0 has been in the tree for over 30 days and I haven't seen any regression reports. 1.2.1 only fixes the security issues over 1.2.0, so that bump doesn't matter. it would be nice if 1.2.x could bake longer, but oh well. should be fine to stabilize 1.2.1 I think.

note: stabilize 1.2.1 and not 1.2.1-r1

amd64 stable

Stable for PPC64.

Stable on alpha.

Stable for HPPA.

x86 stable

ia64 stable

arm stable

ppc stable

sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Maintainer(s), thank you for cleanup. New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).

It has been 30 days+ since cleanup requested. Maintainer(s), please drop the vulnerable version(s).

Can we please clean this up? We have all these versions available:
pam-1.1.5.ebuild
pam-1.1.6-r2.ebuild
pam-1.1.8.ebuild
pam-1.1.8-r1.ebuild
pam-1.1.8-r2.ebuild
pam-1.1.8-r3.ebuild
pam-1.2.0.ebuild
pam-1.2.1.ebuild
pam-1.2.1-r1.ebuild

Cleanup complete: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0819b4caa858b34434c1d21217ffea94d76215b

This issue was resolved and addressed in GLSA 201605-05 at https://security.gentoo.org/glsa/201605-05 by GLSA coordinator Yury German (BlueKnight).