Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 343399 - <sys-libs/pam-1.1.3: Multiple vulnerabilities
Summary: <sys-libs/pam-1.1.3: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Security
URL: http://pam.cvs.sourceforge.net/viewvc...
Whiteboard: A1 [glsa]
Keywords:
: 341121 (view as bug list)
Depends on:
Blocks:
 
Reported: 2010-10-30 16:39 UTC by Tobias Heinlein (RETIRED)
Modified: 2012-06-25 19:10 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tobias Heinlein (RETIRED) gentoo-dev 2010-10-30 16:39:51 UTC
From $URL:

Release 1.1.3

* pam_namespace: Clean environment for childs (CVE-2010-3853)
* libpam: New interface to drop/regain privilegs
* Drop root privilegs in pam_env, pam_mail and pam_xauth before
  accessing user files (CVE-2010-3430, CVE-2010-3431)
* pam_unix: Add minlen option, change default from 6 to 0
* Documentation improvements
* Lot of small bug fixes
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2010-10-30 16:45:08 UTC
Arches, please test and mark stable:
=sys-libs/pam-1.1.3
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 2 Markos Chandras (RETIRED) gentoo-dev 2010-10-31 12:13:28 UTC
amd64 done
Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-11-01 11:57:04 UTC
x86 stable
Comment 4 Tobias Klausmann gentoo-dev 2010-11-01 12:23:06 UTC
Stable on alpha.
Comment 5 Mark Loeser (RETIRED) gentoo-dev 2010-11-01 17:40:38 UTC
ppc64 done
Comment 6 Jeroen Roovers gentoo-dev 2010-11-01 20:16:34 UTC
Stable for HPPA PPC.
Comment 7 Markus Meier gentoo-dev 2010-11-03 18:05:52 UTC
arm stable
Comment 8 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-11-16 18:34:23 UTC
*** Bug 341121 has been marked as a duplicate of this bug. ***
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2010-11-20 15:55:34 UTC
ia64/m68k/s390/sh/sparc stable
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-01-02 03:09:52 UTC
Thanks, folks. GLSA request filed.
Comment 11 Jaak Ristioja 2011-05-06 17:33:29 UTC
<sys-libs/pam-1.1.3 is no longer in tree, so I quess this bug can be closed?
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-06-25 19:10:43 UTC
This issue was resolved and addressed in
 GLSA 201206-31 at http://security.gentoo.org/glsa/glsa-201206-31.xml
by GLSA coordinator Stefan Behte (craig).