Your message dated Mon, 09 May 2005 07:32:18 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#230875: fixed in pam-pgsql 0.5.2-9 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 5 May 2005 13:41:05 +0000
From: Primoz Bratanic <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: pam-pgsql: CAN-2004-0366
Date: Thu, 05 May 2005 15:41:13 +0200

Package: pam-pgsql
Severity: critical
Tags: security
Justification: root security hole

The problem reported in BUG#230875 and marked as fixed (NMU upload) was open again. The changes have disappeared.
Please see the patch attached to Bug#230875 regarding sql injection problem with changing password (easy impact would be changing uid to 0 ... root compromise).

Primoz Bratanic

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

---------------------------------------
Received: (at 230875-close) by bugs.debian.org; 9 May 2005 11:46:56 +0000
From: Primoz Bratanic <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#230875: fixed in pam-pgsql 0.5.2-9
Date: Mon, 09 May 2005 07:32:18 -0400

Source: pam-pgsql
Source-Version: 0.5.2-9

We believe that the bug you reported is fixed in the latest version of
pam-pgsql, which is due to be installed in the Debian FTP archive:

libpam-pgsql_0.5.2-9_i386.deb to
pool/main/p/pam-pgsql/libpam-pgsql_0.5.2-9_i386.deb
pam-pgsql_0.5.2-9.diff.gz to
pool/main/p/pam-pgsql/pam-pgsql_0.5.2-9.diff.gz
pam-pgsql_0.5.2-9.dsc to
pool/main/p/pam-pgsql/pam-pgsql_0.5.2-9.dsc

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Primoz Bratanic <[EMAIL PROTECTED]> (supplier of updated pam-pgsql package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Sun, 8 May 2005 23:10:16 +0200
Source: pam-pgsql
Binary: libpam-pgsql
Architecture: source i386
Version: 0.5.2-9
Distribution: unstable
Urgency: low
Maintainer: Primoz Bratanic <[EMAIL PROTECTED]>
Changed-By: Primoz Bratanic <[EMAIL PROTECTED]>
Description:
 libpam-pgsql - PAM module to authenticate using a PostgreSQL database
Closes: 130496 139473 142889 204181 204439 218291 230875 236484 240823 247536 280774 281703 303198 307366 307784
Changes:
 pam-pgsql (0.5.2-9) unstable; urgency=low
 .
   * Reapplied security patches (Closes: #230875,#307784)
   * Boolean values works with boolean type as well (Closes: #130496)
   * Documentation typo (Closes: #218291)
   * Reapplied other NMU patches (Closes: #307366)
   * Allow port specification (Closes: #247536)
   * Reapplied "Stack-Friendly patch" (Closes: #139473)
   * Deleted wrong README.Debian (Closes: #204181)
   * Documented host and port options (Closes: #204439)
   * Reapplied patch to allow different config files (Closes: #236484)
   * Reapplied patch to support another MD5 type passwords (Closes: #142889)
   * Change "must change password" field (if any) to false after changing
     password
   * Deleted build-all from root (Closes: #240823)
   * Fixed few memory leaks (Closes: #280774)
   * Added timeout option for database connects (Closes: #281703)
   * Use debian/compat instead of DH_COMPAT
   * drop DH_COMPAT and DH_VERBOSE exports from debian/rules
   * don't ask root for password when changing password
   * New Maintainer (Closes: #303198)
   * Fixed PAM stack to behave exactly as expected with use_authtok
   * Fixed a lot of memory leaks introduced by security patches
   * Fixed a lot of memory leaks around returning error early
Files:
 074fc0709067f077f6972e980ed6a464 620 admin extra pam-pgsql_0.5.2-9.dsc
 f667f5b2dc4689d4b5abe58adea10428 71833 admin extra pam-pgsql_0.5.2-9.diff.gz
 41fbf6743108146098868d82abb79b86 15394 admin extra libpam-pgsql_0.5.2-9_i386.deb