Package: pam-pgsql Severity: critical Tags: security Justification: root security hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The problem reported in BUG#230875 and marked as fixed (NMU upload) was open again. The changes have disappeared. Please see the patch attached to Bug#230875 regarding sql injection problem with changing password (easy impact would be changing uid to 0 ... root compromise). Primoz Bratanic - -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.10-1-686-smp Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCeiJ5HOuqnSwJthERAiigAJ0WclQhayauLF6qUHr05qdvuWpFuACgzrFQ EILLu3ovr/HW3W08sUij+n8= =a+R3 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
