Your message dated Thu, 26 Jun 2025 18:04:24 +0000
with message-id <e1uuqxu-002sok...@fasolo.debian.org>
and subject line Bug#1107919: fixed in pam 1.7.0-4
has caused the Debian Bug report #1107919,
regarding pam: CVE-2025-6020: pam_namespace: potential privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1107919: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107919
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pam
Version: 1.7.0-3
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.5.2-6+deb12u1
Control: found -1 1.5.2-6

Hi,

The following vulnerability was published for pam.

CVE-2025-6020[0]:
| pam_namespace: potential privilege escalation


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-6020
    https://www.cve.org/CVERecord?id=CVE-2025-6020
[1] https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx
[2] https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e
    https://github.com/linux-pam/linux-pam/commit/592d84e1265d04c3104acee815a503856db503a1
    https://github.com/linux-pam/linux-pam/commit/976c20079358d133514568fc7fd95c02df8b5773

Please adjust the affected versions in the BTS as needed.

I would say to focus first on unstable -> trixie then we can have a
further look at bookworm.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pam
Source-Version: 1.7.0-4
Done: Sam Hartman <hartm...@debian.org>

We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1107...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hartman <hartm...@debian.org> (supplier of updated pam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 Jun 2025 11:42:58 -0600
Source: pam
Architecture: source
Version: 1.7.0-4
Distribution: experimental
Urgency: high
Maintainer: Sam Hartman <hartm...@debian.org>
Changed-By: Sam Hartman <hartm...@debian.org>
Closes: 629438 1103339 1107919
Changes:
 pam (1.7.0-4) experimental; urgency=high
 .
   [ Gioele Barabucci ]
   * d/control: Update standards version to 4.7.0, no changes needed
   * d/TODO: Remove outdated item about fop (Closes: #629438)
 .
   [ Sam Hartman ]
   * Fix CVE-2025-6020: local privilege escalation in pam_namespace, Closes: 1107919
 .
   [ James Morris ]
   * pam_access improperly checks for group membership of a user.
     (Closes: #1103339)

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSj2jRwbAdKzGY/4uAsbEw8qDeGdAUCaF2HcwAKCRAsbEw8qDeG
dDkoAQD6qKa9MFaUmuUYATB2q5vhAet2zJzRioPf0QpKyZP9FgD/ZcWdNm6q4rG8
sPnTAc82vOVBjbhK9rJ7x/wpJ4WP5wc=
=ML/6
-----END PGP SIGNATURE-----



--- End Message ---
